McDewey


Page 240

page: 240
source: cucm/v15/security-guide/security-guide.md
chunk_id: cucm::v15::security-guide::security-guide::239

• End user passwords of users imported from LDAP are authenticated against the corporate directory by a simple bind operation.
• End user passwords for local users are authenticated against the Unified CM database.
• Application user passwords are authenticated against the Unified CM database.
• End user PINs are authenticated against the Unified CM database.

Configure LDAP Authentication

Use this procedure to enable LDAP Authentication for end user passwords. You can add LDAP Authentication to an existing LDAP Directory sync.

Note: If the LDAP certificate is renewed, the administrator must restart the SSOP-Tomcat service for the user authentication to go through.

Before you begin

This procedure assumes you already have an existing LDAP Directory sync configured. If you have not yet configured an LDAP Directory sync, refer to the System Configuration Guide for Cisco Unified Communications Manager to set one up.

Procedure

Step 1 From Cisco Unified CM Administration, choose System > LDAP > LDAP Authentication.
Step 2 Check the Use LDAP Authentication for End Users check box.
Step 3 For the LDAP Manager Distinguished Name, enter the user ID of the LDAP Manager who is an administrative user that has access rights to the LDAP directory in question.
Step 4 Enter the Password and Confirm the Password.
Step 5 Enter the LDAP Directory server address information.
Step 6 Complete the remaining fields in the LDAP Authentication Configuration window.
Step 7 Click Save.

Local Database Authentication

Local Authentication against the Cisco Unified Communications Manager database is required for end users if you are not deploying SAML SSO with a third-party Identity provider, or if you do not have LDAP Authentication configured. With this option, user passwords are stored in the local database and are managed via the End User Configuration. For both application users and end user PINs, local database authentication is always used to manage authentication.
The following table highlights the three main password types and how they are managed.

Security Guide for Cisco Unified Communications Manager, Release 15 and SUs 222 User Security Configure LDAP Authentication