Understanding the LDAP Directory
This chapter provides background information and deployment guidelines for integrating Cisco CallManager with an existing Lightweight Directory Access Protocol (LDAP) directory. This chapter is written for the administrator of the enterprise LDAP directory.
This chapter includes the following topics:
• Cisco CallManager Directory
• Using an Existing Enterprise Directory
• Extending the Enterprise Directory Schema
• Migrating to an Enterprise Directory
• Managing User Entries in an Enterprise Directory
• Enterprise Directory Replication
• Where to Find More Information
Cisco CallManager Directory
The Cisco CallManager uses an LDAP directory to store authentication and authorization information about users of Cisco CallManager applications, which interface with the Cisco CallManager. Authentication establishes the user's right to access the system, while authorization identifies the telephony resources a user is permitted to use, such as a specific telephone extension.
When you install the User Preferences plug-in, a number of configuration screens are added to the Cisco CallManager Administrator, which allow you to assign system resources for use by specific users. However, you need to use the native LDAP administration utilities to add users to the directory.
When you install the User Preferences plug-in, you are prompted to integrate the directory with one of the following enterprise LDAP directories:
• Microsoft Active Directory (AD)
• Netscape Directory Server
After the LDAP directory configuration is complete, you can upload completed workflow application files to the directory. The application server downloads the files to run workflow applications when you use the administration client to start a specific application. This design allows you to start workflow applications from anywhere in the network and run the applications on application servers throughout the enterprise network. Workflow applications communicate with the Cisco CallManager through JTAPI. It is also possible to run workflow applications on the same computer as the Cisco CallManager.
Using an Existing Enterprise Directory
If you integrate a directory with an existing LDAP directory, your directory schema will be extended to add new object classes for storing configuration information and workflow application logic. These extensions can be restricted to a specific branch of the LDAP directory and so should not affect the operation of the overall directory.
The Cisco CallManager Directory Services makes use of an LDAP auxiliary class to associate additional user properties (such as the mapping between the user name and a telephone extension) with the existing user object in your LDAP directory schema.
To use an existing directory, you must know the DN (distinguished name) and password for a user with administrator access to the branch of the directory where you wish to install Cisco CallManager. You will be prompted for this information during installation of the Cisco Customer Directory Configuration plug-in, if you choose to use an existing directory server.
You can use an LDIF (LDAP Interchange Format) file to add multiple entries to your LDAP directory in batch mode, or to add the attributes to an existing LDAP directory that are required to implement Cisco CallManager. The following example shows an LDIF file for adding a new user who will use Cisco CallManager.
Example 14-1 Sample LDIF File

dn: cn=jsmith-CCNProfile, ou=CCN, o=cisco.com
objectclass: ciscoCCNocAppProfile
ciscoatProfileOwner: John Smith
ciscoCCNatAllDevices: false
ciscoCCNatControlDevices: SEP0010EB001801
ciscoCCNatControlDevices: SEP0010EB001B01
ciscoCCNatControlDevices: SEP0010EB003CF0
ciscoCCNatControlDevices: SEP0010EB003EA3
ciscoCCNatControlDevices: SEP0010EB003EC4

dn: cn=jsmith-profile, ou=CCN, o=cisco.com
objectclass: ciscoocUserProfile
ciscoatProfileOwner: John Smith
ciscoatAppProfile: cn=jsmith-CCNProfile, ou=CCN, o=cisco.com

dn: cn=John Smith, ou=CCN, o=cisco.com
objectclass: inetOrgPerson
ciscoatUserProfile: cn=jsmith-profile, ou=CCN, o=cisco.com
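
A pre-import check for an LDIF file shaped like Example 14-1, given here as an added example (not Cisco code or part of the original chapter): it confirms that every entry sits under the one branch the import is meant to touch, that each profile reference resolves to an entry in the same file, and that device names are well formed. The allowed base DN, the "SEP plus 12 hex digits" device pattern and the rule that references must resolve inside the file are assumptions drawn from the sample, and the sample embedded below is an abridged copy of it.

```python
import re

# Constructed sample: Example 14-1, abridged, with one blank line between records.
SAMPLE_LDIF = """\
dn: cn=jsmith-CCNProfile, ou=CCN, o=cisco.com
objectclass: ciscoCCNocAppProfile
ciscoatProfileOwner: John Smith
ciscoCCNatControlDevices: SEP0010EB001801

dn: cn=jsmith-profile, ou=CCN, o=cisco.com
objectclass: ciscoocUserProfile
ciscoatProfileOwner: John Smith
ciscoatAppProfile: cn=jsmith-CCNProfile, ou=CCN, o=cisco.com

dn: cn=John Smith, ou=CCN, o=cisco.com
objectclass: inetOrgPerson
ciscoatUserProfile: cn=jsmith-profile, ou=CCN, o=cisco.com
"""
ALLOWED_BASE = "ou=CCN,o=cisco.com"  # assumption: the only branch this import may touch
REF_ATTRS = {"ciscoatappprofile", "ciscoatuserprofile"}  # DN-valued attributes in the sample
DEVICE_RE = re.compile(r"^SEP[0-9A-F]{12}$")  # assumption: "SEP" + 12 hex digits, as in the sample

def norm_dn(dn):
    """Lower-case a DN and drop spaces around commas (escaped commas are not handled)."""
    return ",".join(part.strip() for part in dn.split(",")).lower()

def parse_ldif(text):
    """Return [(dn, [(attr, value), ...])]; unfolds continuation lines, skips comments."""
    records = []
    for block in re.split(r"\n\s*\n", re.sub(r"\r?\n ", "", text).strip()):
        lines = [l for l in block.splitlines() if ":" in l and not l.startswith("#")]
        pairs = [(a.strip().lower(), v.strip()) for a, v in (l.split(":", 1) for l in lines)]
        if pairs and pairs[0][0] == "dn":
            records.append((pairs[0][1], pairs[1:]))
    return records

def validate(text, base=ALLOWED_BASE):
    """Return a list of findings; an empty list means every check passed."""
    records, findings = parse_ldif(text), []
    known = {norm_dn(dn) for dn, _ in records}
    for dn, attrs in records:
        if not norm_dn(dn).endswith("," + norm_dn(base)):
            findings.append(f"{dn}: outside allowed branch {base}")
        for attr, value in attrs:
            if attr in REF_ATTRS and norm_dn(value) not in known:
                findings.append(f"{dn}: {attr} points to an entry not in this file: {value}")
            if attr == "ciscoccnatcontroldevices" and not DEVICE_RE.match(value):
                findings.append(f"{dn}: malformed device name {value!r}")
    return findings
```

Run validate() on the file before handing it to the directory's import utility; a reference to a profile that already exists in the directory but not in the file is reported and has to be confirmed by hand.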
Extending the Enterprise Directory Schema
You need an LDAP administrator DN (distinguished name) and password to install Cisco CallManager on a production server. This DN should have read/write/modify privileges for the specific branch of the directory where the Cisco CallManager configuration information will be stored. In addition, the installation program will need to extend the user object in the enterprise directory schema to support additional Cisco IP Telephony network-specific attributes.
After the installation of Cisco CallManager on the production server, the enterprise directory is extended to add a new branch for Cisco CallManager configuration information.
Because all configuration information for users and applications is contained in a single branch of the enterprise directory, Cisco CallManager only requires read access to other branches of the enterprise directory.
On the other hand, only Cisco CallManager requires add or modify privileges to the Cisco IP Telephony network branch of the enterprise directory. It should be emphasized to the enterprise directory administrator that the information in this branch should only be modified using the Cisco CallManager Administrator or the Application Administration pages. If modifications are made with native LDAP tools, the configuration required to run Cisco CallManager can become corrupted and Cisco CallManager may have to be reinstalled.
Migrating to an Enterprise Directory
The Cisco CallManager administrator coordinates with the enterprise directory administrator to migrate the configuration information to the enterprise directory and to integrate Cisco CallManager with the user entries in the enterprise directory. The LDIF file can be modified to only add the auxiliary class attributes to the existing user objects, after the enterprise directory is extended by the Cisco CallManager installation.
Managing User Entries in an Enterprise Directory
After installing Cisco CallManager on the production server, users are added to the enterprise directory by the enterprise directory administrator. The enterprise directory administrator may use an LDIF file for bulk insert of configuration information for the existing users to enable them to use Cisco CallManager. Occasionally, when a few users are added to the enterprise directory, the Cisco CallManager administrator may use the Cisco CallManager Administrator User pages to configure the new users.
Enterprise Directory Replication
When implementing the Cisco CallManager system, you must consider the way the directory is replicated and partitioned to ensure adequate performance of Cisco CallManager and the other components of the system. The Cisco CallManager workflow framework has been designed to work with enterprise LDAP directories, and the way that partitions of these directories are distributed and replicated will directly affect system performance.
With this kind of geographic distribution, it is essential that the directory servers in each region are partitioned and replicated correctly so that Cisco CallManager has local access to the directory information it needs.
Where to Find More Information
Related Topics
• Cisco CallManager Groups
• Date/Time Groups
• Regions
• Device Pools
• Device Defaults
• Enterprise Parameters
• Call Admission Control
• System Configuration Checklist
• Cisco TFTP
Additional Cisco Documentation
• Enterprise Parameters Configuration, Cisco CallManager Administration Guide
• Device Support, Cisco CallManager Administration Guide
• Cisco JTAPI Installation and Configuration, Cisco CallManager Administration Guide
• Service Parameters Configuration, Cisco CallManager Administration Guide
• Starting and Stopping Services, Cisco CallManager Administration Guide
• Installing Cisco CallManager Release 3.1
• Cisco CallManager Serviceability Administration Guide