06-01-2015 09:10 AM - edited 03-19-2019 09:39 AM
Hi,
could anyone tell me the best practice for setup networkdomain on the communication servers and LDAP User attribute for CUCM and IMP, regarding the following requirements
(presettings: internal user logon-domain is different to upn-attribute or mail-attribute)
- Jabber login - external and internal with the same login
Should i setup the networkdomain for the servers to the external domain and leave the user-id to sam, or should i use upn or mail and configure the networkdomain to internal-domain?
For my understanding, if i use the default config for IMP and setup user-id to upn or mail, the address scheme look like this user-id@domain@domain
To prevent this behavior i must configure Directory URI as im scheme, correct?
Regards
06-01-2015 09:59 AM
I believe you're asking about flexible JID, correct??
By default the JID is whatever you choose as userID plus @presencedomain
If you want to change that, then you need to sync to directory URI and sync that to mail or msRTCSIP-PrimaryUserAddress, and you will use whatever you're using in that field. If you have more than one domain in the field, then you will need to adjust SRVs for each domain.
06-03-2015 05:31 AM
Hi Jaime,
yes, this fact was clear to me.
Especially i mean the fact what is best practice, if you build cucm with imp and jabber (connect internal and external with same credentials) and if you have an internal domain, let's say domain.local and external domain domain.com. Your UPN is username@domain.local and mail is user.name@domain.com and only domain.local is the AD Domain.
My opinion is to set the username in CUCM to mail, all other attributes did not meet the requirements to have the same login external and internal. UPN is not possible, except the default username@domain.local, because of the fact that it is not possible to configure the search base in the ldap authentication option in cucm (cucm builds the user base with the domain portion of the login) . see https://supportforums.cisco.com/discussion/11233626/active-directory-synchronization-working-authentication-not-cubm-be5000-861a
The simple way is to have same domain internal and external, but that is not common.
Before Jabber, Jabber MRA and those gadgets it was softball, because the login depends only in what the users were familiar.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide