Mitel Forums - The Unofficial Source
Mitel Forums => Mitel Software Applications => Topic started by: JoeShmo on April 26, 2013, 02:33:22 PM
-
Is it possible to authenticate against LDAP or Active Directory with UCA (we're at 5.1.34)? AWC against AD seems to work rather nicely, but I'm unable to find anything in UCA to set that up other than the LDAP sync, which I can't get working anyway.
-
Are you saying that you have UN/PW authentication working for MCA(AWC)?
We haven't been able to get the UCA AD sync part to do authentication. Didn't realize that MCA could.
Spoke with a guy at Mitel and MAS 5.0 is going to have UCA/MCA AD sync as well as authentication.
-
I am thinking about doing LDAP with MCA as well. If I set that up, will users I currently have set up in the system lose all of their current meetings they have set up? That would be bad..
-
I have provisioned users manually in MCD, UCA, and NuPoint up until now. I am interested in turning on LDAP/AD sync on all three, but am worried about the effect on existing users, as well. Would also love an answer on this.
-
Yes, AWC and AD seem to be working together... amazingly.... I wonder what it would take to get the AWC/MCA team to talk to the UCA team to get LDAP working? Then I wouldn't have to try to convince management to let me get a CudaTel so that everything truly is one platform.
I simply went into LDAP configuration, and filled out all the entries. Seemed pretty straightforward, so I can't even explain what to do. If you are not also the person who maintains your Active Directory, then maybe it's tricky. If that's the case though, contact your server person, and ask for a query-only account for LDAP, and ask for the distinguished name for it, and use that for "LDAP Admin ID". Not sure if it overwrites existing conferences tho. But basically users are created as they log in with the default user template you created in Provisioning->Default User Settings.
Also, in MCA/AWC, I get a reminder on the top talking about using the UCA Integration wizard, but then warns to NOT run the wizard if the site requires UCA with Active Directory/LDAP. Kind of odd, considering UCA doesn't seem to support AD/LDAP.
-
Pretty sure UCA works with AD. Have a customer using AD so they can use the corporate directory rather than the 3300 when doing directory searches from a UCA set up in console mode. I didn't set it up so not sure how it is working. Interesting side issue: if you search partial names in the UCA client it can find virtually anything. Search the same partial within the console portion and it can't find the same user.
Will be interested to see what changes are coming in MAS 5 (due June 7th apparently). Nupoint 6 is included but not sure what else. Have a customer waiting for Nupoint 6 for voice commands, i.e. you can speak "play" to play a message. Sounds interesting, wish I knew more.
-
This is a good topic. I have MAS 3 and am looking to upgrade to MAS 4 later this year. We run UCA. When we set it up, the Mitel Tech suggested the syncing with the PBX was superior to LDAP.
It really seems to be an either/or situation.
We're a 65 person org. What is an ideal setup for an org with a 5000, UC server, AWC server and Active Directory?
-
Not familiar with the 5000, but would think if you use AD to provision new users on your network, then it would be easiest to use it to give a new user a phone and VM box as well.
-
My understanding is that LDAP only works if you never change a password. In other words, it's not a two-way sync. So, if you adopt an Active Directory policy of complex passwords that never change.... then the LDAP integration is a good bet. If you change passwords every 90 days, then you'll have problems. That's only what I've been told by the pros.
-
UCA syncs with AD, i.e. it pulls user details from AD and populates them into UC; it can perform this once a day.
This method of using AD does not have the facility to import passwords. (Microsoft restriction)
MCA/AWC passes off authentication to AD, i.e. when you log in it sends a message to the AD server and says "this user has logged in with this password (and yes, this password is passed in plain text), can I allow them to log on?" The AD server then returns a yes or a no.
If successful, it creates an account with the username you logged on with.
Both methods work but are completely different styles, hence the rubbish integration between the products.
If you cannot get MCA working with AD, try changing the port from 389 to 3268.
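
The last post says the password is passed to AD in plain text. This added example (not part of the thread or of any Mitel product) encodes an LDAPv3 simple BindRequest per RFC 4511 and checks, for the ports mentioned above and their TLS counterparts, whether the password is readable on the network path. The bind DN and password are constructed sample values.

```python
# Added example: what an LDAP simple bind looks like on the wire.
# All DNs and passwords here are constructed sample values.

# port -> (service name, TLS from the first byte)
LDAP_PORTS = {
    389: ("LDAP", False),
    636: ("LDAPS", True),
    3268: ("Global Catalog", False),
    3269: ("Global Catalog over TLS", True),
}

def ber(tag, payload):
    """Encode one BER tag-length-value with a definite length."""
    n = len(payload)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + payload

def simple_bind_request(bind_dn, password, msg_id=1):
    """Build an RFC 4511 LDAPMessage carrying a simple BindRequest."""
    if not 0 <= msg_id <= 127:
        raise ValueError("this sketch only encodes one-byte message IDs")
    body = (ber(0x02, bytes([3]))             # version: INTEGER 3
            + ber(0x04, bind_dn.encode())     # name: OCTET STRING (bind DN)
            + ber(0x80, password.encode()))   # authentication: simple [0]
    return ber(0x30, ber(0x02, bytes([msg_id])) + ber(0x60, body))

def password_exposed(frame, password, port, starttls=False):
    """True when the bind travels without TLS, so the password is readable."""
    _, tls = LDAP_PORTS.get(port, ("unknown", False))  # unknown port: assume no TLS
    return password.encode() in frame and not (tls or starttls)

if __name__ == "__main__":
    dn = "cn=ldap-query,ou=Service Accounts,dc=example,dc=com"  # constructed
    pw = "Constructed-Pw-1"                                      # constructed
    frame = simple_bind_request(dn, pw)
    print(frame.hex())
    for port in sorted(LDAP_PORTS):
        state = "readable" if password_exposed(frame, pw, port) else "inside TLS"
        print(port, LDAP_PORTS[port][0], "- password", state)
```

Port 3268 is the Global Catalog listener and is no more encrypted than 389; the password is only protected on 636 or 3269, or when StartTLS is negotiated first.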