Author Topic: UCA LDAP/AD Authentication  (Read 10518 times)

Offline JoeShmo

  • Jr. Member
  • **
  • Posts: 45
  • Karma: +0/-0
    • View Profile
UCA LDAP/AD Authentication
« on: April 26, 2013, 02:33:22 PM »
Is it possible to authenticate against LDAP or Active Directory with UCA (We're at 5.1.34).  AWC against AD seems to work rather nicely, but I'm unable to find anything in UCA to set that up other than the LDAP sync, which I cant get working anyway.


Offline markpuckett

  • New Member
  • *
  • Posts: 1
  • Country: us
  • Karma: +0/-0
    • View Profile
Re: UCA LDAP/AD Authentication
« Reply #1 on: April 30, 2013, 01:03:58 AM »
Are you saying that you have UN/PW authentication working for MCA(AWC)?

We haven't been able to get the UCA AD sync part to do authentication.  Didn't realize that MCA could.

Spoke with a guy at Mitel and MAS 5.0 is going to have UCA/MCA AD sync as well as authentication.

Offline jherlitz

  • Full Member
  • ***
  • Posts: 106
  • Karma: +0/-0
    • View Profile
Re: UCA LDAP/AD Authentication
« Reply #2 on: April 30, 2013, 03:41:18 PM »
I am thinking about doing LDAP with MCA as well.  If I set that up, will users I currently have setup in the system lose all of their current meetings they have setup?  That would be bad..

Offline acraig00

  • Contributer
  • *
  • Posts: 29
  • Karma: +3/-0
    • View Profile
Re: UCA LDAP/AD Authentication
« Reply #3 on: May 01, 2013, 09:10:47 AM »
I have provisioned users manually in MCD, UCA, and nupoint up until now. I am interested in turning on LDAP/AD sync on all three, but am worried about the effect on existing users, as well. Would also love an answer on this.

Offline JoeShmo

  • Jr. Member
  • **
  • Posts: 45
  • Karma: +0/-0
    • View Profile
Re: UCA LDAP/AD Authentication
« Reply #4 on: May 01, 2013, 12:23:11 PM »
Yes, AWC and AD seem to be working together... amazingly....  I wonder what it would take to get the AWC/MCA team to talk to the UCA team to get ldap working?  Then I wouldnt have to try to convince management to let me get a CudaTel so that everything truely is one platform.

I simply went into LDAP configuration, and filled out all the entries.  Seemed pretty straight forward, so I can't even explain what to do.  If you are not also the person who maintains your active directory, then maybe its tricky.  If thats the case though, contact your server person, and ask for a query only account for LDAP, and ask for the distinguished name for it, and use that for "LDAP Admin ID".  Not sure if it overwrites existing conferences tho.  But basically users are created as they login with the default user template you created in Provisioning->Default User Settings

Also, in MCA/AWC, I get a reminder on the top talking about using the UCA Integration wizard, but then warns to NOT run the wizard if the site requires UCA with Active Directory/LDAP.  kind of odd, considering UCA doesnt seem to support AD/LDAP.


Offline LoopyLou

  • Hero Member
  • *****
  • Posts: 556
  • Country: ca
  • Karma: +7/-0
    • View Profile
Re: UCA LDAP/AD Authentication
« Reply #5 on: May 23, 2013, 08:15:04 AM »
Pretty sure UCA works with AD. Have a customer using AD so they can use the corporate directory rather then the 3300 when doing directory searches from a UCA setup in console mode. I didn't set it up so not sure how it is working. Interesting side issue if you search partial names in the UCA client it can find virtually anything. Search the same partial within the console portion and it can't find the same user.

Will be interested to see what changes are coming in MAS 5 ( due June 7th apparently ). Nupoint 6 is included but not sure what else. Have a customer waiting for Nupoint 6 for voice commands i.e you can speak "play" to play a message. Sounds interesting, wish I knew more.

Offline akuhn

  • Sr. Member
  • ****
  • Posts: 339
  • Karma: +1/-0
    • View Profile
Re: UCA LDAP/AD Authentication
« Reply #6 on: May 24, 2013, 01:13:56 PM »
This is a good topic.  I have MAS 3 and looking to upgrade to MAS 4 later this year.  We run UCA.  When we set it up, the Mitel Tech suggested the syncing with the PBX was superior to LDAP.

It really seems to be an either/or situation.

We're a 65 person org.  What is an ideal setup for an org with a 5000, UC server, AWC server and Active Directory?

Offline LoopyLou

  • Hero Member
  • *****
  • Posts: 556
  • Country: ca
  • Karma: +7/-0
    • View Profile
Re: UCA LDAP/AD Authentication
« Reply #7 on: May 29, 2013, 08:13:17 AM »
Not familiar with the 5000 but would think if you use AD to provision new users on your network , then it would be easiest to use it to give a new user a phone and vm box as well. 

Offline akuhn

  • Sr. Member
  • ****
  • Posts: 339
  • Karma: +1/-0
    • View Profile
Re: UCA LDAP/AD Authentication
« Reply #8 on: May 29, 2013, 11:21:29 AM »
my understanding is that LDAP only works if you never change a password.  In other words, it's not a two way sync.  So, if you adopt an activedirectory policy of complex passwords that never change....then the LDAP integration is a good bet.  If if you change passwords every 90 days, then you'll have problems.  That's only what I've been told by the pros.

Offline boycey9

  • Full Member
  • ***
  • Posts: 182
  • Karma: +4/-0
    • View Profile
Re: UCA LDAP/AD Authentication
« Reply #9 on: June 06, 2013, 03:55:49 PM »
UCA syncs with AD, ie it pulls user details from AD and populates them in to UC, it can perform this once a day.
This method of using AD does not have the facility to import passwords. (Microsoft restriction)

MCA/AWC- Passes off Authentication to AD, ie when you log in it sends a message to the AD server and says this user has logged in with this password (And yes this password is passed in plain text) can I allow them to log on, the AD server then returns a yes or a no.
If succesful it creates an account with the username you logged on with.

Both methods work but are completely different styles hence the rubbish integration between the products.

If you can not get MCA working with AD try changing the port from 389 to 3268


 

Sitemap 1 2 3 4 5 6 7 8 9 10