2601 West Beltline Highway, Suite 510 Madison, Wisconsin 53713 Phone 608.661.1140 www.singlewire.com InformaCast LDAP Integration Microsoft Active Directory Configuration Example Version 20121023 October 23, 2012


InformaCast LDAP Integration

Microsoft Active Directory Configuration Example

Version 20121023

October 23, 2012


Copyright © 2011 Singlewire Software. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without written permission from Singlewire.


Contents

Executive Summary
Before You Begin
  Using This Document
  Base Understanding Of InformaCast
  Healthy Domain Controllers and Active Directory
  CUCM Integrated to IC For LDAP Recipient Groups
  Third Party LDAP Browser
LDAP User For InformaCast
  Create A User In The LDAP
  Locate User and Record LDAP Attributes
Connect To MS AD LDAP With Softerra
  Configure Softerra
  Verify Successful Bind
  Troubleshoot Here Before Proceeding
InformaCast – Base Configuration
Enable LDAP User Logins
  Configure Authentication Required Fields
  Verify Users and Groups Are Seen From LDAP
  Searching For Users And Groups
Limit Where IC Looks In The LDAP
  Use Softerra To View The LDAP Tree Structure
  Configure InformaCast’s Authentication Search Base
  Verify Users and Groups Are Seen From LDAP
Filter What IC Sees From The LDAP
  Administer the Microsoft Active Directory
  Use Softerra To Locate & Gather Attribute Data
  Create & Test LDAP Filters
  Configure InformaCast User and Group Filters
  Verify Users and Groups Are Seen From LDAP
Assign LDAP Users InformaCast Roles
  Assign Administrator Role To LDAP Group
  Assign User Role To LDAP Group
  Verify Assigned Login Permissions
Create LDAP Based Recipient Groups
  CUCM Extension Verification
  MS AD Attribute Verification
  Use Softerra To Locate Attribute Value
  Configure InformaCast – Map Attribute
  Create LDAP Rule For A Recipient Group
  Configure IC – Create the Recipient Group
Troubleshooting
  Support


Executive Summary

InformaCast can integrate to an LDAP repository for user authentication and for information on users’ CUCM phones. The LDAP user accounts can have permissions assigned in InformaCast to allow authentication and access to the InformaCast GUI. You can also use LDAP attributes to create Recipient Groups of phones based on information obtained from the LDAP.

The examples provided here are done with Microsoft Active Directory. This document assumes the reader is somewhat familiar with the navigation of Microsoft Active Directory, and is capable of creating Users and Groups. InformaCast can integrate to any LDAPv3 compliant vendor’s solution, but those features are outside the scope of this document.

This document assumes the reader is somewhat familiar with InformaCast, but will try to teach the LDAP integration and related features from a beginner standpoint. This document is not meant to be a full featured guide to everything that is possible with these features, but will provide a tutorial for one way this could work in an organization.


Before You Begin

Using This Document

This document should be read from start to finish, as many of the later pages and procedures build upon concepts and steps covered and performed in previous sections.

Base Understanding Of InformaCast

This document assumes some familiarity with the concepts and navigation of InformaCast (abbreviated as IC throughout this document). Before starting the LDAP integration, you should ensure the InformaCast server is working as expected.

Healthy Domain Controllers and Active Directory

Before attempting any integration from InformaCast you should ensure your Microsoft Domain Controllers and the Active Directory (abbreviated as MS AD throughout this document) are healthy and functional. While the load InformaCast will place on the MS AD DC should be minimal, there will be some load as IC tries to access the data.

CUCM Integrated to IC For LDAP Recipient Groups

If you plan to build Recipient Groups based on information from the LDAP, Cisco Unified Communications Manager should be integrated to InformaCast. You can broadcast to CUCM phones without any LDAP integration.

Third Party LDAP Browser

Much of the configuration in this document will be done with a Third Party’s LDAP Browser. All configurations should be done first with the Third Party Tool to verify and test the settings before trying them with InformaCast. InformaCast does not provide “good” feedback if something is not successful, so troubleshooting the Third Party Tool tends to be easier.

This tutorial will use Softerra’s LDAP Browser which is free. You can download it at the link below. Ensure you download the Browser version and not the Administrator.

http://www.ldapbrowser.com/download.htm


LDAP User For InformaCast

You will need a user account to access the Microsoft Active Directory. By default all users will have Read access, so a standard end user with minimal permissions will suffice.

Create A User In The LDAP

• Access the Domain Controller you will point InformaCast at

• Open Active Directory Users and Computers and create a new user that InformaCast will use to access the LDAP data

• Make sure the password cannot be changed

• Make sure the password does not expire

• You should now be able to view the newly created user in the Active Directory


Locate User and Record LDAP Attributes

InformaCast and Softerra will need the created user’s information to connect to the LDAP. Typically you can use either a Distinguished Name or User Principal Name. While we only need one of these, it only takes a couple seconds to gather both. If one doesn’t work, try the other.

• In MS AD Users & Computers, right click the user you created and select properties

• Choose the “Attribute Editor” tab

• Locate the “distinguishedName” attribute and copy it somewhere like a notepad document. (NOTE: in this example the distinguishedName of the user would be CN=pl App-InformaCast,OU=pl-Applications,OU=pl-Staff,DC=sandbox,DC=lan)


• Locate the “userPrincipalName” attribute and copy it somewhere like a notepad document. (NOTE: in this example the userPrincipalName of the user would be [email protected])


Connect To MS AD LDAP With Softerra

It will be easier to gather information and perform any troubleshooting using a Third Party Tool rather than InformaCast. Ensure all steps are completed using Softerra LDAP Browser before attempting to integrate InformaCast.

Configure Softerra

• Open Softerra LDAP Browser

• Click “New” to set up a new profile and give it a name such as “MS AD”

• Enter the IP address of the Domain Controller to connect to

• Make sure the port is set to 389 for the standard LDAP port unless the connection requires SSL (NOTE: if you check the box to “use secure connection (SSL)” the port will automatically get modified to 636)

• Leave “RootDSE” in the Base DN field

• By default MS AD does not require SSL, so leave the “use secure connection (SSL)” box unchecked unless your server requires SSL. (NOTE: if you check the box to “use secure connection (SSL)” the port will automatically get modified to 636)

• Click Next


• For the radio button of “Other Credentials”, make sure “Simple” is selected as the Mechanism

• For the Principal field, enter the value of the “distinguishedName” or “userPrincipalName” of the created user in the previous section. (NOTE: if one doesn’t work, try the other)

• Enter the password for the user and check the box to save the password

• Click Next

• For the next page, LDAP Settings, just accept the defaults by clicking Finish


Verify Successful Bind

At this point the program should attempt to bind to the Domain Controller to browse the LDAP data. If the bind is successful you should be able to view the LDAP as in the picture below. If the bind was not successful, you will need to go back and troubleshoot the settings that were entered until you can bind and view the LDAP data successfully.

Troubleshoot Here Before Proceeding

The settings you use with Softerra to access the LDAP data will be the same settings you use with InformaCast to access the LDAP data. The Softerra tool will be easier to troubleshoot, so only progress to InformaCast once you have been able to successfully use Softerra to browse the LDAP.


InformaCast – Base Configuration

For InformaCast to connect to the LDAP repository, various items specific to the LDAP are going to be required in the InformaCast configuration. You should have already been able to successfully use Softerra to bind and access the LDAP data. InformaCast will need to use these same settings. If you have not connected successfully with Softerra, please visit the previous sections to ensure they work successfully before going forward.

• Open the IC GUI in a web browser and login

• Navigate to Admin > System > LDAP Integration

• Check the box to “Enable LDAP Integration”

• Fill in the fields using the same values that were successfully used to connect with Softerra LDAP Browser

o LDAP Host Name: The Domain Controller IP Address (NOTE 1: Only one entry will be accepted here; there is no redundancy) (NOTE 2: It is recommended to use the IP Address and not the Host Name)


o LDAP Port: default is 389 (if SSL is required use 636)

o Use SSL: default is no, but if your connection requires it select yes

o Authentication Method: Simple will be used for most integrations

o LDAP Administrator Distinguished Name: this is the “distinguishedName” or “userPrincipalName” of the MS AD user created for InformaCast, gathered in a previous section of this document

o LDAP Administrator Password: this is the corresponding password for the created MS AD user account for InformaCast

o Schema Type: because this document’s example is Microsoft Active Directory, this is the selection to be used.

• Click Update

• If there were no errors, you should be redirected to the “Admin > Overview” page (NOTE: if errors were seen, see the Troubleshooting section of this document)

If no errors were seen then InformaCast should have successfully been able to bind to the LDAP data. However, there are really no features being used at this point and only the base integration has been performed.


Enable LDAP User Logins

In a previous section of this document InformaCast’s base configuration for LDAP was completed on the General tab. The steps in that section must be completed successfully before configuring the items on the Authentication tab.

Configure Authentication Required Fields

• Open the IC GUI in a web browser and login

• Navigate to Admin > System > LDAP Integration

• Click the Authentication Tab

• Click the “Enable Authenticating Users Via LDAP” checkbox

• Fill in the required fields (NOTE: In a later section we will go into details on how to narrow down what InformaCast will see and request from the LDAP using a Search Base and Filters)

o Configuration Name: Give this a descriptive name your users will understand, such as (Company ID Login) (NOTE: it may be helpful to wrap whatever text is entered into this field in parentheses. This way it will be the first option selected by default when users navigate to the IC GUI and they won’t have to toggle anything)

o Maximum Number of Users: this is set to 1000 by default so if your LDAP directory contains more users, you will need to increase this to a larger number. However, there are instances where large numbers of objects can slow down the performance of IC. (NOTE: In a later section we will go into details on how to narrow down what InformaCast will see and request from the LDAP using a Search Base and Filters)

• Click Update

• If there were no errors, you should be redirected to the “Admin > Overview” page (NOTE: if errors were seen, see the Troubleshooting section of this document)


Verify Users and Groups Are Seen From LDAP

• Open the IC GUI in a web browser and login

• Navigate to Admin > User Administration > Edit Users

• Next to Security Domain, click the drop down to access the LDAP Users and click OK

• Verify that the user accounts from the LDAP show up as expected

• Do the same thing for LDAP Groups (Admin > User Administration > Edit User Groups)


Searching For Users And Groups

At the time of this writing there is no search function within IC to locate particular users or groups. By default IC will limit the number of users displayed on a page to 50. This can make it almost impossible to find users or groups when large numbers are present. To work around this, you can do the following:

• In the “Show |_50_| results per page” box, enter a large number like 5000

• Press enter (it could take a little while to load the page with that many entries)

• Press CTRL+F (this should open the search feature of your browser)

• Enter the user or group to search for and press enter


Limit Where IC Looks In The LDAP

The LDAP structure is a tree. When we look at the LDAP tree, we do not have to look at the whole tree but can limit the search to a particular branch and the objects underneath it. For this example we are going to limit what IC looks at using a Search Base.

Use Softerra To View The LDAP Tree Structure

• Open Softerra LDAP Browser

• Click the Profile that was created previously to view the LDAP data

• Navigate the tree to the lowest point you would like to search beneath (NOTE: in this example we want to view the objects in the OUs “pl-MSN” & “pl-MSP”. To have IC view the objects in these two OUs, we need to use a Search Base that is at least one step higher. Thus, the Search Base we will want to use will be the OU of “pl-Staff”.)

• Click on the LDAP object that will be used as the Search Base

• On the right, locate and copy the “distinguishedName” (NOTE: in this example we want to use the OU of “pl-Staff” as our Search Base, so the “distinguishedName” value would be OU=pl-Staff,DC=sandbox,DC=lan)
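
The Search Base choice described above can be checked mechanically. The following is an added example, not part of the Singlewire guide: it computes the narrowest DN that still contains every OU IC must read, and tests whether a given entry falls under a Search Base. The DNs for the “pl-MSN” and “pl-MSP” OUs are assumed to sit directly under OU=pl-Staff,DC=sandbox,DC=lan, and the function names are illustrative.

```python
# Added example: pick and check an InformaCast Search Base.
# Assumed DNs for the two OUs named in the guide (placement is an assumption).
MSN_OU = "OU=pl-MSN,OU=pl-Staff,DC=sandbox,DC=lan"
MSP_OU = "OU=pl-MSP,OU=pl-Staff,DC=sandbox,DC=lan"
# DN of the service account, as recorded earlier in the guide.
SERVICE_ACCOUNT = "CN=pl App-InformaCast,OU=pl-Applications,OU=pl-Staff,DC=sandbox,DC=lan"


def split_dn(dn):
    """Split a DN into RDNs on unescaped commas (a backslash escapes the next char)."""
    rdns, current, escaped = [], [], False
    for ch in dn:
        if escaped:
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == ",":
            rdns.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
    rdns.append("".join(current).strip())
    return rdns


def _norm(rdn):
    # Attribute types and AD name values compare case-insensitively.
    attr, _, value = rdn.partition("=")
    return attr.strip().lower() + "=" + value.strip().lower()


def narrowest_search_base(dns):
    """Return the deepest DN that is an ancestor of (or equal to) every DN given."""
    paths = [list(reversed(split_dn(dn))) for dn in dns]  # root component first
    common = []
    for level in zip(*paths):
        if len({_norm(rdn) for rdn in level}) != 1:
            break
        common.append(level[0])
    return ",".join(reversed(common))


def is_under(dn, base):
    """True when dn is the base itself or sits below it in the tree."""
    d = [_norm(rdn) for rdn in split_dn(dn)]
    b = [_norm(rdn) for rdn in split_dn(base)]
    return len(d) >= len(b) and d[len(d) - len(b):] == b


if __name__ == "__main__":
    base = narrowest_search_base([MSN_OU, MSP_OU])
    print("Search Base:", base)
    print("service account under base:", is_under(SERVICE_ACCOUNT, base))
```

The same `is_under` check is useful later, when groups for InformaCast are created: a group whose DN is not under the configured Search Base will not be returned to IC.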


Configure InformaCast’s Authentication Search Base

• Open the IC GUI in a web browser and login

• Navigate to Admin > System > LDAP Integration

• Click the Authentication: Tab

• Paste in the value of the “distinguishedName” of the Search Base found using Softerra

• Click Update


Verify Users and Groups Are Seen From LDAP

When we first verified that our LDAP users and groups were seen by IC, there were many items listed. After entering the Search Base we should now only see users and groups from the location of the Search Base and items beneath it.

• Open the IC GUI in a web browser and login

• Navigate to Admin > User Administration > Edit Users

• Next to Security Domain, click the drop down to access the LDAP Users and click OK

• Verify that the user accounts from the LDAP show up as expected

• Do the same thing for LDAP Groups (Admin > User Administration > Edit User Groups)


Filter What IC Sees From The LDAP

When verifying the users and groups that showed up, there were likely many items shown. In all likelihood most of these people and groups will not need access to InformaCast. There are typically two types of users who will log in to the InformaCast GUI:

• Administrators – IT personnel who will be responsible for server configuration and maintenance

• Users – end users who will use the GUI to send out messages

We will create two Security Groups in the MS AD: one for each of the user account types. We’ll then assign the users to their proper group in MS AD and tell IC to only search for those users and groups using LDAP Filters.

Any user who will need to login to InformaCast will now have common attributes in the LDAP: they will either be members of the “InformaCast Administrators” or “InformaCast Users” groups. Using Softerra we can locate these common attributes in the LDAP data and use the attributes to construct filters. These filters can be used in the InformaCast configuration to further limit what IC sees.

We will need to construct two filters: one for the users and another for the groups.


Administer the Microsoft Active Directory

• Access the Domain Controller you have InformaCast pointed to

• Open Active Directory Users and Computers

• Navigate to a location in the MS AD structure that is under the Search Base InformaCast was configured to use

• Create two new groups: one for InformaCast Administrators and another for InformaCast Users

• Assign all users who require Administrator access to InformaCast to the newly created MS AD Group for the Administrators

• Assign all users who require User access to InformaCast to the newly created MS AD Group for the Users


Use Softerra To Locate & Gather Attribute Data

• Open Softerra LDAP Browser

• Click the Profile that was created previously to view the LDAP data

Gather “memberOf” Attributes To Create User Filter

• Navigate and click on a user who was assigned to the group created for InformaCast Administrators

• In the right hand pane, locate the “memberOf” attribute for the InformaCast Administrator group and copy it someplace like a notepad document where we can later create a valid filter with the data.

• Now do the same thing for a user in the InformaCast User group


Gather “distinguishedName” Attributes To Create Group Filter

• Navigate and click on the group that was created for InformaCast Administrators

• In the right hand pane, locate the “distinguishedName” attribute and copy it someplace like a notepad document where we can later create a valid filter with the data.

• Now do the same thing for the group that was created for InformaCast Users

Verify Attribute Data Collected

At this point you should have a document with two “memberOf” attributes and two “distinguishedName” attributes.


Create & Test LDAP Filters

From the previous section we should now have a notepad document that contains the data obtained with Softerra. We pulled two types of attributes that we’ll use to build two different filters:

• Group membership attributes (memberOf) – used to build a User Filter

• Group name attributes (distinguishedName) – used to build a Group Filter

A full explanation or tutorial of building LDAP filters is outside the scope of this document. There are many examples and tutorials online that can be found by searching for something like “LDAP Search Filters”. For our uses we’ll only need to know a few things:

• A valid LDAP filter is surrounded by parentheses: (paramOne=value1)

• Groups of LDAP search filter strings can be combined using operators for “and” (&) and “or” (|) and wrapping these in parentheses

o This example says that everything must match the first “and” second filter (&(paramOne=value1)(paramTwo=value2))

o This example says that everything must match the first “or” second filter (|(paramOne=value1)(paramTwo=value2))


Format Attribute Data to Syntax of Proper LDAP Search Filter

We need to turn the attributes that we copied into usable search filters. The first thing we need to do is get the attribute data in the proper syntax format. To do this we replace the colon and spaces after the attribute name with an equals sign.

Now that we have the proper format, we need to wrap each statement in parentheses to make them valid search filters.


Use Softerra To Test LDAP Search Filters

Each of these items should now be valid search filters. You can test each in Softerra to verify you are going to get the proper data and each is formatted correctly. To test in Softerra:

• Open Softerra LDAP Browser

• Click the Profile that was created previously to view the LDAP data

• Select Entry > Directory Search

• Copy one of the filters from the notepad document and paste it into the Filter field and press enter

• All of the objects that match the rule should appear in the window.

• Test each of these rules individually to make sure they work as expected before trying to use them in InformaCast


We now need to combine the individual rules to create one User Filter and one Group Filter. We do this by enclosing our current rules in another set of parentheses and using the pipe | as a logical “or” statement.

We should now be able to paste these rules into Softerra to test that they are created correctly. Test each of these rules individually before trying to use them in InformaCast.

Configure InformaCast User and Group Filters

Once you have created your LDAP Filters and tested them successfully in Softerra, they are ready to be input into InformaCast.

• Open the IC GUI in a web browser and login

• Navigate to Admin > System > LDAP Integration

• Click the Authentication tab

• Paste the “memberOf” filter into the “Valid User Filter” field.

• Paste the “distinguishedName” filter in the “Valid Group Filter” field

• Click Update

Verify Users and Groups Are Seen From LDAP

• Open the IC GUI in a web browser and login

• Navigate to Admin > User Administration > Edit Users

• Next to Security Domain, click the drop down to access the LDAP Users and click OK

• Verify that only user accounts that match our “Valid User Filter” now show

• Do the same thing for LDAP Groups (Admin > User Administration > Edit User Groups)

Assign LDAP Users InformaCast Roles

By default a LDAP user in InformaCast has no permissions in the application. If they happen to log into InformaCast they will be unable to access any application features.

At this point in the document we should have all of our users, or a subset of our users, from MS AD in InformaCast. Once the accounts are available to InformaCast we can assign roles and grant them permissions to features in the application.

In our example we have created two Security Groups in MS AD: one for Administrators and one for end Users. We will now need to grant these groups Roles in InformaCast so the group members receive access to InformaCast.

Assign Administrator Role To LDAP Group

• Open the IC GUI in a web browser and login

• Navigate to Admin > User Administration > Edit User Groups

• Next to Security Domain, click the drop down to access the LDAP Groups and click OK

• Locate the MS AD Security Group created for InformaCast Administrators and click the “Edit” button

• Assign the following Roles to the User Group and click “Update”

o appAdmin

o keyAdmin

o messageAdmin

o schedAdmin

o userAdmin

Assign User Role To LDAP Group

• Open the IC GUI in a web browser and login

• Navigate to Admin > User Administration > Edit User Groups

• Next to Security Domain, click the drop down to access the LDAP Groups and click OK

• Locate the MS AD Security Group created for InformaCast Users and click the “Edit” button

• Assign the following Roles to the User Group and click “Update”

o messageSenderDNsRestricted

Verify Assigned Login Permissions

After permissions have been assigned to the LDAP groups in InformaCast you will want to verify that the access granted to the groups is what the users will receive when they login.

Administrator Accounts

• If still logged into the IC GUI, logout now

• On the IC logon page, enter a LDAP user with administrator access

• Make sure the Security Domain is set to the LDAP context

• After logging in with an account with administrator access you should have access to all the menu items available to InformaCast

• Navigate the menus and verify full system access

End User Accounts

• If still logged into the IC GUI, logout now

• On the IC logon page, enter a LDAP user with end user access

• Make sure the Security Domain is set to the LDAP context

• After logging in with an account with end user access you should be taken to the “Messages” menu and only have access to send messages from the GUI.

• Verify the restricted access is present

Create LDAP Based Recipient Groups

To be able to broadcast to a group of people’s phones who all share a common LDAP attribute, you have to be able to map their CUCM Directory Number to a corresponding value in the LDAP data. These types of Recipient Groups are good for work flow type scenarios. For example, what if you don’t need to page the whole building but maybe only need to reach someone in HR, or Accounting?

CUCM Extension Verification

The value of the extensions created in CUCM must correspond exactly to a populated attribute on the users in the LDAP. For this example, looking in the CUCM, we can see that the telephone system is using four digit extensions.

MS AD Attribute Verification

In Active Directory we can have multiple telephone numbers entered for each user, but we’ll need at least one of these fields to contain the same extension that is in the CUCM. In the example below, the “Telephone Number” is stored in E.164 format, but the IP Phone field is set to the four digit extension seen in CUCM.

Use Softerra To Locate Attribute Value

Once we know there is an attribute populated in Active Directory that matches the CUCM extensions exactly, we can correlate to these by locating what that attribute maps to in the LDAP using Softerra.

• Open Softerra LDAP Browser

• Click the Profile that was created previously to view the LDAP data

• Navigate and click on a user who we are looking to put into a Recipient Group

• In right hand pane, search for the telephone extension as it is seen in CUCM and locate the LDAP attribute that it is assigned to.

• In this example we see the “ipPhone” attribute is where the four digit extension is stored. Make a note of this attribute as we’ll need to enter it into InformaCast.

Configure InformaCast – Map Attribute

• Open the IC GUI in a web browser and login

• Navigate to Admin > System > LDAP Integration

• Click the Grouping tab

• Check the box to “Enable Grouping Recipients via LDAP”

• In the “Phone Extension Attribute” field, enter the LDAP attribute found using Softerra that correlates to the phone extensions as they are seen in CUCM. (NOTE: in our example the four digit CUCM extensions map to the ipPhone LDAP attribute)

• Click Update

Create LDAP Rule For A Recipient Group

We’ve already used rules to create LDAP filters in this document. Now we will do so again to create a Recipient Group. First we must find the common LDAP attribute that our Recipient Group member phones will share. For this example, we’ll make a Recipient Group of all phones who belong to HR team members.

Gather “memberOf” Attributes To Create User Filter

• Open Softerra LDAP Browser

• Click the Profile that was created previously to view the LDAP data

• Navigate and click on a user who we are looking to put into a Recipient Group

• In right hand pane, locate an attribute that would be shared by all members of the Recipient Group you will create (NOTE: in this example all HR team members are assigned the pl-Corp-HR security group in MS AD)

• Copy the data from the attribute to a notepad document so we can work with the data

Format Attribute Data to Syntax of Proper LDAP Search Filter

• Remove the colon and space after the attribute name and replace it with an equal sign

• Wrap the string in parentheses so it uses the proper syntax

• We should now be able to paste this rule into Softerra to test it is created correctly.
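
The formatting steps above, and the earlier step that combines rules with | into one User Filter and one Group Filter, can be scripted so that values containing parentheses, asterisks or backslashes are escaped per RFC 4515 instead of breaking the filter. This is an added example, not Singlewire code; the function names, the IC-Admins and IC-Users group names and the DC=example,DC=com suffix are assumptions, and only pl-Corp-HR comes from this document.

```python
import re

# RFC 4515: these characters must be escaped inside a filter value.
FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
ATTRIBUTE_NAME = re.compile(r"[A-Za-z][A-Za-z0-9-]*")


def escape_filter_value(value):
    """Escape one attribute value so it cannot change the filter's structure."""
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)


def line_to_filter(line):
    """Turn 'attribute: value', as copied from the browser, into '(attribute=value)'."""
    name, colon, value = line.partition(":")  # split on the first colon only
    name, value = name.strip(), value.strip()
    if not colon or not value or not ATTRIBUTE_NAME.fullmatch(name):
        raise ValueError(f"not an 'attribute: value' line: {line!r}")
    return f"({name}={escape_filter_value(value)})"


def combine_or(filters):
    """Join simple filters with the | operator; a single filter is returned as is."""
    if not filters:
        raise ValueError("at least one filter is required")
    return filters[0] if len(filters) == 1 else "(|" + "".join(filters) + ")"


def build_filter(copied_lines):
    """Build one filter from the lines pasted into the notepad document."""
    return combine_or([line_to_filter(l) for l in copied_lines if l.strip()])


# Constructed sample data: group names and the domain suffix are placeholders.
USER_LINES = [
    "memberOf: CN=IC-Admins,OU=Groups,DC=example,DC=com",
    "memberOf: CN=IC-Users (Paging),OU=Groups,DC=example,DC=com",
]
GROUP_LINES = [line.replace("memberOf", "distinguishedName") for line in USER_LINES]
HR_LINES = ["memberOf: CN=pl-Corp-HR,OU=Groups,DC=example,DC=com"]

if __name__ == "__main__":
    print("Valid User Filter: ", build_filter(USER_LINES))
    print("Valid Group Filter:", build_filter(GROUP_LINES))
    print("Recipient Group:   ", build_filter(HR_LINES))
```

The generated strings are still worth pasting into Softerra first, as the steps above describe, before they go into InformaCast.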

Configure IC – Create the Recipient Group

• Open the IC GUI in a web browser and login

• Navigate to Recipient Groups and click Add

• Give the new Recipient Group a name

• Select the box to “Filter with Rules”

• Create a rule that says “Directory Numbers – Does – Match LDAP Filter”

• Paste in the new filter string you just obtained and created using Softerra

• Click the view button at the bottom

• Verify the phones show up as expected, and click the Update button

Troubleshooting

InformaCast Error: The LDAP directory cannot be accessed: Unable to create LDAP context

• This error will be seen in the InformaCast GUI if any piece of the entered information is not entered correctly.

• Try to connect to the LDAP using Softerra

• If successful with Softerra, verify you are using the same information used in Softerra within IC.

• If not successful with Softerra, you will need to troubleshoot the settings with Softerra and get that working prior to being able to use InformaCast.

Any Issue Experienced During InformaCast LDAP Integration

The first question to ask is “did it work with Softerra?” If you have not tested with Softerra, first verify that you can successfully test with a Third Party Tool. There will be better error messages and troubleshooting resources available using Softerra.

Softerra Does Not Bind To The LDAP

There are many tools available online for troubleshooting Softerra’s LDAP Browser. It will be easier to troubleshoot a connection problem to the LDAP with Softerra than InformaCast and you should not attempt to use InformaCast until you have successfully used Softerra.

http://www.ldapbrowser.com/support.htm

Softerra Does Not Locate Proper Users When Entering Filter

There are many tools available online for troubleshooting Softerra’s LDAP Browser. It will be easier to troubleshoot a connection problem to the LDAP with Softerra than InformaCast and you should not attempt to use InformaCast until you have successfully used Softerra.

http://www.ldapbrowser.com/support.htm

Softerra Does Not Show the “memberOf” Attribute For a User

Ensure you added the user to the group in MS Active Directory. Use Active Directory Users & Computers to verify the user is a member of the group.

When Logging In To InformaCast I Always Have To Toggle The Security Domain

The easiest way to make sure the LDAP Security Domain is always the default is to wrap it in parentheses in the configuration. This is on the “Admin > System > LDAP Integration > Authentication Tab > Configuration Name”. Whatever is entered here, wrap it in parentheses, for example (MS AD LDAP).

No Users or Groups are Seen After Applying Filters

Verify the syntax and data entered for the filter. Can you use Softerra to bind to the LDAP? Once connected to the LDAP, can you use Softerra to enter the filters you’ve created, and do the users show up in Softerra? If they do not, you need to examine the filter you are using with Softerra before trying to use it with InformaCast.

Integrating to Non-Microsoft LDAP Directories

This is also supported but this document does not cover the details. Please see the InformaCast Installation Manual for the details about using other Directory types.

There is No Attribute In The LDAP That Matches The Extension In CUCM

For InformaCast to be able to map LDAP users to telephones seen from CUCM, the extension in CUCM must be entered exactly on some LDAP attribute for the user. If the CUCM extensions are not in the LDAP today, you will need to update your LDAP users to have the CUCM extension applied to some LDAP attribute if you want to be able to create Recipient Groups by LDAP attributes. If you have no need to create these types of Recipient Groups, there is nothing to worry about and you can ignore this feature.

Phone Extensions in CUCM Start With “\+” but LDAP Has Them as Just “+”

Currently InformaCast takes no special consideration of E.164 numbering formats from CUCM, so if the CUCM has the DNs as “\+” they must also be in the LDAP somewhere as “\+” to correlate them. This is only required if you want to build Recipient Groups based on LDAP attributes. If you have no need to create these types of Recipient Groups, there is nothing to worry about and you can ignore this feature.
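
A pre-flight check for the two extension problems above: it compares CUCM directory numbers against one LDAP attribute using exact string equality, and for each failure reports whether the number exists in a different attribute or a different format such as “+” versus “\+”. This is an added example, not Singlewire code; the function names, the sAMAccountName key used to label users and all sample values are constructed assumptions.

```python
import re


def loose(number):
    """Comparison form used only to explain a failed match, never to declare one."""
    return re.sub(r"[\\+\s().-]", "", number)


def check_extensions(cucm_dns, ldap_users, attribute):
    """Classify each CUCM directory number as match, near-miss or missing."""
    report = {}
    for dn in cucm_dns:
        # The document requires the value to be entered exactly, so compare as-is.
        exact = [u["sAMAccountName"] for u in ldap_users if u.get(attribute) == dn]
        if exact:
            report[dn] = ("match", exact)
            continue
        # No exact match: look for the same digits in any attribute of any user.
        near = [
            (u["sAMAccountName"], name)
            for u in ldap_users
            for name, value in u.items()
            if name != "sAMAccountName" and loose(value) == loose(dn)
        ]
        report[dn] = ("near-miss", near) if near else ("missing", [])
    return report


# Constructed sample data (fictional users and 555-01xx numbers).
CUCM_DNS = ["1001", "1002", r"\+16085550103", "1004"]
LDAP_USERS = [
    {"sAMAccountName": "alice", "ipPhone": "1001", "telephoneNumber": "+16085550101"},
    {"sAMAccountName": "bob", "telephoneNumber": "1002"},
    {"sAMAccountName": "carol", "ipPhone": "+16085550103"},
]

if __name__ == "__main__":
    result = check_extensions(CUCM_DNS, LDAP_USERS, "ipPhone")
    for dn, (status, detail) in result.items():
        print(f"{dn:>15}  {status:<9}  {detail}")
```

A near-miss names the user and attribute that hold the number in another form, which is the value to correct in the directory before building the Recipient Group.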

After Modifying and Saving the LDAP Configuration I Have to Log Back In

This is likely because the user account you were logged in with at the time you were making the changes was a LDAP user account. If you are logged in with an account that authenticates to the LDAP and you modify the configuration of the LDAP setup, you must be logged out of the application so your account’s permissions can be reevaluated when you log back in. You can use a Superuser Application level account to not experience this; however, any end user that may have been logged in while you made a change to the LDAP would still need to log back in to have their access permission reevaluated.

Support

Before contacting Support to assist with the InformaCast setup, please ensure you are able to use the Softerra LDAP Browser to connect to the LDAP. If you are unable to connect with Softerra, InformaCast will be unable to connect.

If you do contact support, please have the following ready:

• Screenshot of successful connection from Softerra to the LDAP

• All the settings used with the successful Softerra setup

• InformaCast performance.log file(s)

• Screenshots of the LDAP config pages from the GUI

• All of the values for any search strings and filters used that are not seen fully in the screenshots.

Contact Support

http://www.singlewire.com/support.html