Re: Is ist possible to use User ID variable in <ConnectionUsername>

aoster · ‎02-14-2019

Hi all,

We are using AD for user auhentication in Jabber for Windows but have a separate LDAP directory as contact source. The Jabber clients are configured as phone only mode.

We would like to use the user ID used for Jabber login also for the login to the LDAP directory.

So far I have tried the following:

1) <ConnectionUsername>uid=${UserID},ou=people,dc=example,com=de</ConnectionUsername>

result: Jabber sends "uid=${UserID},ou=people,dc=example,com=de" to the LDAP server

2) <ConnectionUsername>uid=sAMAccountName ,ou=people,dc=example,com=de</ConnectionUsername>

result: Jabber sends "uid=sAMAccountName,ou=people,dc=example,com=de" to the LDAP server

3) <ConnectionUsername>uid=%%uid%%,ou=people,dc=example,com=de</ConnectionUsername>

result: Jabber sends "uid=%%uid%%,ou=people,dc=example,com=de" to the LDAP server

Is there a way to use the current username in <ConnectionUsername> ?

Thank you for your kind help.

Best regards

Andreas

Jonathan Schulenberg · ‎02-14-2019

Only if you enter the full email address as the username - not Service Discovery, the actual login username of Jabber. The CDI integration is limited to reusing the login credentials or user-supplied credentials within Jabber Options.

Cisco has been deprecating the single/shared LDAP login method because it tends to blow up a security audit.

Another option would be the UDS Proxy feature in CUCM. That would let the client connect to normal UDS and have it point at whatever this second LDAP solution is.

aoster · ‎02-14-2019

Hi Jonathan,

Thank you very much for the fast response. Unfortunately both proposed solutions would not be possible with our setup.
As we only have a very small user base (20+) I will implement a workaround by creating individual jabber-config.xml files.

Best regards

Andreas