Cisco CallManager System Guide, Release 3.3(3)
Understanding the LDAP Directory


Understanding the LDAP Directory


This chapter provides background information and deployment guidelines for integrating Cisco CallManager with an existing Lightweight Directory Access Protocol (LDAP) directory. It is intended for the administrator of the enterprise LDAP directory.

This chapter includes the following topics:

Cisco CallManager Directory

Using an Existing Enterprise Directory

Extending the Enterprise Directory Schema

Migrating to an Enterprise Directory

Managing User Entries in an Enterprise Directory

Enterprise Directory Replication

Where to Find More Information

Cisco CallManager Directory

Cisco CallManager uses an LDAP directory to store authentication and authorization information about users of Cisco CallManager applications, which interface with Cisco CallManager. Authentication establishes the user's right to access the system, while authorization identifies the telephony resources that a user is permitted to use, such as a specific telephone extension.

When you install the User Preferences plug-in, a number of configuration screens are added to the Cisco CallManager Administrator; these screens allow you to assign system resources for use by specific users. However, you need to use the native LDAP administration utilities to add a user to the directory.

When you install the User Preferences plug-in, a prompt asks you to integrate the directory with one of the following enterprise LDAP directories:

Microsoft Active Directory (AD)

Netscape Directory Server


Caution: Using Katakana, Cyrillic, or other double-byte character sets with DC Directory, Netscape Directory, or Active Directory can cause directory database errors. This release of Cisco CallManager does not support using any double-byte character set with any directory.

After the LDAP directory configuration is complete, you can upload completed workflow application files to the directory. The application server downloads the files to run workflow applications when you use the administration client to start a specific application. This design allows you to start workflow applications from anywhere in the network and run the applications on application servers throughout the enterprise network. Workflow applications communicate with the Cisco CallManager through JTAPI. You can also run workflow applications on the same computer as the Cisco CallManager.

Using an Existing Enterprise Directory

If you integrate a directory with an existing LDAP directory, your directory schema will be extended to add new object classes for storing configuration information and workflow application logic. You can restrict these extensions to a specific branch of the LDAP directory, so they should not affect the operation of the overall directory.

Cisco CallManager Directory Services uses an LDAP auxiliary class to associate additional user properties (such as the mapping between the user name and a telephone extension) with the existing user object in your LDAP directory schema.

To use an existing directory, you must know the DN (distinguished name) and password for a user with administrator access to the branch of the directory where you want to install Cisco CallManager. If you choose to use an existing directory server, you will be prompted for this information during installation of the Cisco Customer Directory Configuration plug-in.

You can use an LDIF (LDAP Interchange Format) file to add multiple entries to your LDAP directory in batch mode, or to add to an existing LDAP directory the attributes that are required to implement Cisco CallManager. The following example shows an LDIF file for adding a new user who will use Cisco CallManager.

Example 14-1 Sample LDIF File

dn: cn=jsmith-CCNProfile, ou=CCN, o=cisco.com
changeType: add
cn: jsmith-CCNProfile
objectclass: top
objectclass: ciscoCCNocAppProfile
ciscoatProfileOwner: John Smith
ciscoCCNatAllDevices: false
ciscoCCNatControlDevices: SEP0010EB001801
ciscoCCNatControlDevices: SEP0010EB001B01
ciscoCCNatControlDevices: SEP0010EB003CF0
ciscoCCNatControlDevices: SEP0010EB003EA3
ciscoCCNatControlDevices: SEP0010EB003EC4

dn: cn=jsmith-profile, ou=CCN, o=cisco.com
changeType: add
cn: jsmith-profile
objectclass: top
objectclass: ciscoocUserProfile
ciscoatProfileOwner: John Smith
ciscoatAppProfile: cn=jsmith-CCNProfile, ou=CCN, o=cisco.com

dn: cn=John Smith, ou=CCN, o=cisco.com
changeType: add
cn: John Smith
givenName: John
sn: Smith
mail: jsmith
userPassword: jsmith
objectclass: top
objectclass: inetOrgPerson
objectclass: ciscoocUser
ciscoatUserProfile: cn=jsmith-profile, ou=CCN, o=cisco.com
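
The following check is an added example, not part of the Cisco guide or of any Cisco tool: a Python pre-import lint for an LDIF file shaped like Example 14-1. It flags entries outside the permitted branch, profile links that point at no entry in the file, and userPassword values that carry no storage-scheme prefix or equal one of the user's own identifiers (as userPassword: jsmith does above). The finding names, the SAMPLE input (constructed, with the application-profile entry left out on purpose) and the simplified DN comparison are assumptions.

```python
import base64, re
# Constructed input: Example 14-1 shortened, with one deliberately broken profile link.
SAMPLE = """\
dn: cn=jsmith-profile, ou=CCN, o=cisco.com
changeType: add
ciscoatAppProfile: cn=jsmith-CCNProfile, ou=CCN, o=cisco.com

dn: cn=John Smith, ou=CCN, o=cisco.com
changeType: add
cn: John Smith
mail: jsmith
userPassword: jsmith
ciscoatUserProfile: cn=jsmith-profile, ou=CCN, o=cisco.com
"""
REF_ATTRS = {"ciscoatappprofile", "ciscoatuserprofile"}  # DN-valued links in Example 14-1
ID_ATTRS = ("cn", "sn", "givenname", "mail", "uid")      # assumed identifier attributes

def norm_dn(dn):
    # Simplified DN comparison: case-insensitive, ignores spaces around commas, no escapes.
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_ldif(text):
    # Handles unfolded "attr: value" and base64 "attr:: value" lines only.
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            key, val = line.split(":", 1)
            val = base64.b64decode(val[1:]).decode("utf-8", "replace") if val.startswith(":") else val
            attrs.setdefault(key.strip().lower(), []).append(val.strip())
        if "dn" in attrs:
            entries.append((attrs["dn"][0], attrs))
    return entries

def lint(text, branch):
    entries, findings = parse_ldif(text), []
    known = {norm_dn(dn) for dn, _ in entries}
    for dn, attrs in entries:
        if not norm_dn(dn).endswith("," + norm_dn(branch)):
            findings.append((dn, "outside-branch"))
        for attr in sorted(REF_ATTRS & attrs.keys()):
            findings += [(dn, "dangling-" + attr) for v in attrs[attr] if norm_dn(v) not in known]
        ids = {v.lower() for a in ID_ATTRS for v in attrs.get(a, [])}
        for pw in attrs.get("userpassword", []):
            if not pw.startswith("{"):  # no storage-scheme prefix such as {SSHA}
                findings.append((dn, "cleartext-password"))
            if pw.lower() in ids:
                findings.append((dn, "password-matches-identifier"))
    return findings
```

Calling lint(SAMPLE, "ou=CCN, o=cisco.com") returns the findings as (dn, finding) pairs, so the file can be rejected before it is handed to the directory's import utility.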

Extending the Enterprise Directory Schema

You need an LDAP administrator DN (distinguished name) and password to install Cisco CallManager on a production server. This DN should have read/write/modify privileges for the specific branch of the directory where the Cisco CallManager configuration information will be stored. In addition, the installation program will need to extend the user object in the enterprise directory schema to support additional Cisco IP Telephony-specific attributes.

After the installation of Cisco CallManager on the production server, the enterprise directory gets extended to add a new branch for Cisco CallManager configuration information.

Cisco CallManager requires only read/modify access to other branches of the enterprise directory where users are stored. Cisco CallManager adds information to the existing user object to associate the user with Cisco CallManager-specific information.

Only Cisco CallManager requires add or modify privileges to the Cisco IP Telephony network branch of the enterprise directory. Emphasize to the enterprise directory administrator that the information in this branch should only be modified by using the Cisco CallManager Administration or the Application Administration pages. If modifications are made with native LDAP tools, the configuration that is required to run Cisco CallManager can become corrupted, and Cisco CallManager may have to be reinstalled.

Migrating to an Enterprise Directory

The Cisco CallManager administrator coordinates with the enterprise directory administrator to migrate the configuration information to the enterprise directory and to integrate Cisco CallManager with the user entries in the enterprise directory. After the enterprise directory is extended by the Cisco CallManager installation, the LDIF file can be modified only to add the auxiliary class attributes to the existing user objects.

Managing User Entries in an Enterprise Directory

After Cisco CallManager is installed on the production server, the enterprise directory administrator adds users to the enterprise directory. The enterprise directory administrator may use an LDIF file for bulk insert of configuration information for the existing users to enable them to use Cisco CallManager. Occasionally, when a few users are added to the enterprise directory, the Cisco CallManager administrator may use the Cisco CallManager Administration User windows to configure the new users.

Enterprise Directory Replication

When implementing the Cisco CallManager system, you must consider the way that the directory is replicated and partitioned to ensure adequate performance of Cisco CallManager and the other components of the system. The Cisco CallManager workflow framework design facilitates work with enterprise LDAP directories, and the way that partitions of these directories are distributed and replicated will directly affect system performance.

With this kind of geographic distribution, ensure that the directory servers in each region are partitioned and replicated correctly, so Cisco CallManager has local access to the directory information that it needs.

Where to Find More Information

Related Topics

Cisco CallManager Groups

Date/Time Groups

Regions

Device Pools

Device Defaults

Enterprise Parameters

Call Admission Control

System Configuration Checklist

Cisco TFTP

Additional Cisco Documentation

Enterprise Parameters Configuration, Cisco CallManager Administration Guide

Device Support, Cisco CallManager Administration Guide

Service Parameters Configuration, Cisco CallManager Administration Guide

Installing Cisco CallManager Release 3.3

Cisco CallManager Serviceability Administration Guide