Provisioning - Before you start
Supported LDAP implementations
The Meeting Server supports the following LDAP implementations:
- Microsoft Active Directory (AD)
- OpenLDAP
- Oracle Internet Directory (LDAP version 3)
For information about which versions have been tested with each version of the Meeting Server, see the Interoperability Database.
CAUTION: If you have set up LDAP via the Meeting Server Web Admin Interface then provisioning via Meeting Management will not work. Before you set up provisioning in Meeting Management, sign in to the Web Admin Interface, go to Configuration, Active Directory page, and empty all input fields, then click Submit. To avoid locking users out, do not synchronize before you have finished setting up provisioning on Meeting Management.
LDAP server details
For each LDAP server you want the Meeting Server cluster to connect to, you need the following:
- Protocol (LDAP/LDAPS)
  We recommend that you use LDAPS.
- LDAP server address
- LDAP server port number
  Defaults are 389 for LDAP, 636 for LDAPS. We recommend that you use LDAPS on port 636.
- If you want to use certificate verification: LDAP server certificate uploaded to the Meeting Server and TLS certificate verification enabled.
  We recommend that you use certificate verification. For information on how to do this, see the FAQ article How do I enable LDAP server certificate verification?.
- Credentials for your LDAP bind user
  For security and auditing reasons, we recommend that you create a separate bind user account for Cisco Meeting Server.
User import details
For each group of users you want to import, you need:
- Base distinguished name (DN)
- LDAP search filter
- Sign-in user name mapping
  This corresponds to what we call Search attribute when you connect an LDAP server to Meeting Management. It defines which LDAP attribute you want to use as the username that Meeting Server web app users will use to sign in to the app. It must have a format similar to $sAMAccountName$@example.com, and the attribute must be one that is unique for each user.
- Display name mapping
  This defines which LDAP attribute you want to be used as app users' display name. It must have a format similar to $cn$.
- Sufficient PMP Plus licenses
  The import settings for a group define whether the users in the group are assigned personal licenses. If you choose to assign the users personal licenses, then you need one PMP Plus for each user in the group.
  You do not need to install the licenses before you can provision users, but you need to install them before you start using the Meeting Server.
For more information about using LDAP with the Cisco Meeting Server, see the appropriate Meeting Server deployment guide. There is a section on LDAP configuration as well as an appendix with more information on LDAP field mappings.
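
The sign-in user name mapping above must resolve to a value that is unique for each user. The following is an added example, not Cisco code: a pre-import check that expands a mapping over directory entries and reports entries that cannot be mapped and sign-in names claimed by more than one entry. It assumes plain `$attribute$` substitution only and case-insensitive comparison of the resulting names; the function names and the sample entries are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches a $attribute$ placeholder as shown in the mapping examples above.
PLACEHOLDER = re.compile(r"\$([A-Za-z][A-Za-z0-9-]*)\$")

def expand(mapping, entry):
    """Expand $attr$ placeholders; return None if an attribute is missing or empty."""
    missing = []
    def sub(match):
        value = entry.get(match.group(1))
        if not value:
            missing.append(match.group(1))
            return ""
        return value
    result = PLACEHOLDER.sub(sub, mapping)
    return None if missing else result

def preflight(mapping, entries):
    """Return (DNs that cannot be mapped, {sign-in name: [DNs]} for duplicates)."""
    if not PLACEHOLDER.search(mapping):
        raise ValueError("mapping contains no $attribute$ placeholder")
    unmappable, owners = [], defaultdict(list)
    for entry in entries:
        name = expand(mapping, entry)
        if name is None:
            unmappable.append(entry["dn"])
        else:
            # Assumption: names differing only in case count as the same name.
            owners[name.lower()].append(entry["dn"])
    collisions = {n: dns for n, dns in owners.items() if len(dns) > 1}
    return unmappable, collisions

# Constructed sample entries, shaped like the result of a search under the base DN.
SAMPLE = [
    {"dn": "CN=Ana Ruiz,OU=Sales,DC=example,DC=com",
     "sAMAccountName": "aruiz", "cn": "Ana Ruiz"},
    {"dn": "CN=Ana Ruiz,OU=Support,DC=example,DC=com",
     "sAMAccountName": "aruiz2", "cn": "Ana Ruiz"},
    {"dn": "CN=Svc Print,OU=Service,DC=example,DC=com", "cn": "Svc Print"},
]

if __name__ == "__main__":
    for mapping in ("$sAMAccountName$@example.com", "$cn$@example.com"):
        unmappable, collisions = preflight(mapping, SAMPLE)
        print(mapping, "| unmappable:", unmappable, "| collisions:", collisions)
```

Running the check against an export of the users matched by your base DN and search filter shows, before the first synchronization, whether the chosen attribute is present and unique for every user in the group.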