Jabber Deployment ‘Gotchas’ (2): Contact Directory Search: Why LDAP?


See Jabber Deployment ‘Gotchas’ (1): Cisco Unified Communications Manager IM and Presence Centralised Deployment for the centralised IM&P deployment configuration and Single Sign-On (SSO) ‘gotchas’.

Cisco Jabber supports two types of contact directory search, UDS and LDAP. UDS searches the directory/user information held on the CUCM itself. That user information may be local to CUCM or synchronised from Active Directory (AD); either way, Jabber searches user information against CUCM. With LDAP directory search, Jabber queries AD directly over an LDAP connection, and CUCM does not proxy the user information in the middle.

Although Cisco supports both UDS and LDAP directory search, I’d recommend using LDAP directory search only, due to the caveats associated with UDS search. The three major issues we had:

  • Jabber UDS directory integration cannot search userid (CSCuz71314)
  • Outlook and Jabber presence integration doesn’t work for non-buddy contacts. You may see this Cisco TechNote, Microsoft Outlook Integrated with Cisco Jabber Shows No Presence Status; unfortunately, the TechNote doesn’t provide fully correct information.
  • If you are using the Cisco Prime Collaboration Provision tool (PCP), then your user information cannot be synced with AD, another undocumented feature confirmed by Cisco. More than a feature defect, this looks like a data security concern to me, as data integrity fails to be maintained in this case. Hopefully Cisco can fix the issue in the near future.

Jabber Cannot Search UserID

When Jabber has the IM&P service enabled and uses UDS for contact search, it can only search by first name, last name and mail ID; it cannot search by userid or telephone number.

The workaround is to use LDAP directory search, either Basic Directory Integration (BDI) or Enhanced Directory Integration (EDI).

Outlook and Jabber Presence Integration Does NOT Work for Non-Buddy Contacts

Although all Cisco documentation says you have to configure a SIP proxyAddress in the Exchange server to allow Outlook to show Jabber presence status (Ref.: Microsoft Outlook Integrated with Cisco Jabber Shows No Presence Status), and the jabber-config parameter ‘OutlookContactResolveMode’ also mentions SIP:user@cupdomain (Ref.: Parameters Reference Guide for Cisco Jabber 12.0), you actually do NOT need the SIP proxyAddress for this purpose.

In the absence of SIP:user@cupdomain, the primary email address SMTP:user@emaildomain will be used (Ref.: https://cisco-voip.puck.nether.narkive.com/xAjWRHA1/jabber-11-6-1-11-6-2-slow-outlook-contact-resolution-presence).

The trick here is that if UDS directory search is in use, this will not work as expected. Jabber has to use LDAP directory search, either BDI or EDI, to resolve the email address received from Outlook, query the IM&P servers for the contact’s presence, and then send the presence status back to Outlook. Jabber local logs, retrieved from ‘Help > Report a problem…’, help troubleshoot the presence query process.

How to Enable LDAP Directory Search

LDAP directory search requires a Service Profile configuration, referencing the corresponding directory UC profiles, on the remote/leaf telephony clusters. The key configuration components are as follows:

  • Untick ‘Use UDS for Contact Resolution’; otherwise, the leaf telephony CUCM is used to proxy the LDAP search;
  • Untick ‘Use logged on user credential’ if you want to use a dedicated service account to connect to the LDAP service instead of individual user account credentials;
  • Configure the service account details if using a service account for the LDAP connection;
  • Configure the search base.

The jabber-config.xml shall be configured to accommodate the LDAP directory search.
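A quick way to review a jabber-config.xml before publishing it is to parse its Directory section and report which search mode it selects. The script below is an added example, not part of the original post or Cisco's tooling; the parameter names (`DirectoryServerType`, `SearchBase1`, `ConnectionUsername`, `ConnectionPassword`) and the BDI/EDI values are assumptions to check against the Parameters Reference Guide for your Jabber release, and the sample file is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample; the host, search base and account are placeholders.
SAMPLE_CONFIG = """<config version="1.0">
  <Directory>
    <DirectoryServerType>EDI</DirectoryServerType>
    <PrimaryServerName>dc01.example.com</PrimaryServerName>
    <SearchBase1>OU=Staff,DC=example,DC=com</SearchBase1>
    <ConnectionUsername>svc-jabber@example.com</ConnectionUsername>
    <ConnectionPassword>constructed-placeholder</ConnectionPassword>
  </Directory>
</config>"""

LDAP_TYPES = {"BDI", "EDI"}  # the two LDAP integrations named on this page


def audit_directory(xml_text):
    """Return (mode, findings) for the <Directory> section of a jabber-config.xml."""
    directory = ET.fromstring(xml_text).find("Directory")
    if directory is None:
        return "unset", ["no <Directory> section found"]
    # Map tag -> stripped text so empty or whitespace-only elements count as unset.
    params = {child.tag: (child.text or "").strip() for child in directory}
    server_type = params.get("DirectoryServerType", "").upper()
    if server_type == "UDS":
        return "UDS", ["UDS selected: the userid search and Outlook presence caveats apply"]
    if server_type not in LDAP_TYPES:
        return "unset", ["DirectoryServerType missing or not BDI/EDI"]
    findings = []
    if not any(k.startswith("SearchBase") and v for k, v in params.items()):
        findings.append("no search base configured")
    # Anything in this file is readable by whoever can fetch it, so a service
    # account password belongs in the Service Profile, not here.
    if any(k.endswith("ConnectionPassword") and v for k, v in params.items()):
        findings.append("service account password embedded in jabber-config.xml")
    return "LDAP", findings


if __name__ == "__main__":
    mode, findings = audit_directory(SAMPLE_CONFIG)
    print("directory search mode:", mode)
    for finding in findings:
        print(" -", finding)
```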

An easy way to check whether your Jabber is using UDS or LDAP search is to look at the Jabber connection status via ‘Help > Show connection status’, as below. With LDAP directory search, it will show LDAP instead of UDS.

Figure: Verify Jabber Directory Search Approach