McDewey

Multi-vendor documentation library · semantic search · MCP endpoint at /mcp

Page 173

↗ View in doc context
page
173
source
unity-connection/v15/design-guide/design-guide.md
chunk_id
unity-connection::v15::design-guide::design-guide::158

Directories Other than Active Directory If you are using an LDAP directory other than Microsoft Active Directory, you should specify one or more user search bases that include the smallest possible number of users to enhance the speed of synchronization, even when that means creating multiple configurations. If the root directory contains subtrees that you do not want Unity Connection to access (for example, a subtree for service accounts), do either of the following tasks: • Create two or more LDAP directory configurations and specify the search bases that you do not want Unity Connection to access. • Create an LDAP search filter. For more information, see the “Filtering LDAP Users” section of the “LDAP Directory Integration with Cisco Unity Connection” chapter of the Design Guide for Cisco Unity Connection Release 15, available at https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/connection/ 15/design/guide/b_15cucdg.html. Active Directory You must create a separate LDAP directory configuration when using Active Directory or when the LDAP directory domain has several child domains. Unity Connection do not follow Active Directory referrals during synchronization. In this type of LDAP configuration, you must map the UserPrincipalName (UPN) attribute to the Unity Connection Alias field because UPN is unique across the forest in Active Directory. Unity Connection Intrasite and Intersite Networking Intrasite or intersite networking allows to network two or more Unity Connection servers that may be each integrated with an LDAP directory. When you are using intrasite or intersite networking, you may specify a user search base on one Unity Connection server that overlaps a user search base on another Unity Connection server. Be careful not to accidentally create duplicate Unity Connection users on different Unity Connection servers by importing the same LDAP user more than once. Regardless of how you create users, Unity Connection prevents you from creating two users with the same alias on the same Unity Connection server but does not prevent you from creating two users with the same alias on different Unity Connection servers in the same site or organization. Note In some cases, you may find it useful to create multiple Unity Connection users from the same LDAP user. For example, if you import the some of the LDAP administrator accounts into every Unity Connection server as Unity Connection users without voice mailboxes and use them as administrator accounts. This allows you to use LDAP synchronization and authentication for Unity Connection administrator accounts without creating one or more LDAP users for every Unity Connection server. Filtering LDAP Users For more information, see the “Filtering LDAP Users” section of the “LDAP Directory Integration with Cisco Unity Connection” chapter of the Design Guide for Cisco Unity Connection Release 15, available at https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/connection/15/design/guide/b_15cucdg.html. System Administration Guide 155 LDAP Directories Other than Active Directory