Migration of MiCollab Audio, Web and Video Conferencing IDS to MiCollab IDS must be performed manually. You must copy the IDS settings from the MiCollab Audio, Web and Video Conferencing AD/LDAP pages to the corresponding fields in the MiCollab IDS Connection and Attribute Mapping pages. Leave any MiCollab IDS fields that don't have corresponding fields at the defaults.
Review the General Guidelines and Limitations for MiCollab IDS.
Log in to the MiCollab server manager.
Under Applications, click Audio, Web and Video Conferencing.
Under Configuration, click LDAP Configuration.
Display the Lightweight Directory Access Protocol form. Record the current MiCollab Audio, Web and Video Conferencing LDAP Configuration connection values in the third column of the following table. Use the table to match the MiCollab Audio, Web and Video Conferencing LDAP Configuration connection settings to the MiCollab IDS Connection parameters.
| MiCollab Audio, Web and Video Conferencing LDAP Configuration Settings | Corresponding MiCollab IDS Connection Parameters | Current MiCollab Audio, Web and Video Conferencing LDAP Configuration Settings |
| --- | --- | --- |
| Use LDAP | | |
| LDAP Port Number | LDAP port | |
| LDAP Admin ID | Distinguished name | |
| LDAP Uid Field | | |
| Auto Synchronize | Enable synchronization | |
| LDAP Server Name | Primary directory server | |
| LDAP Search Base | Search | |
| LDAP Admin ID Password | Password | |
| Email Domain | | |
| Sync Interval | Sync schedule | |
Synchronize the MiCollab Audio, Web and Video Conferencing database with the directory server database.
Disable IDS (LDAP Integration) for the MiCollab Audio, Web and Video Conferencing application.
Click Audio, Web and Video Conferencing in the MiCollab server manager.
Click LDAP Configuration.
Click the Use LDAP check box.
On MiCollab in the Network Element tab of the Users and Services application, disable Single Point Provisioning.
Create a MiCollab synchronization account on the directory service domain. The account must have read access.
If LDAP Authentication is required, ensure that a valid Certificate Authority (CA) has been configured for Active Directory. If LDAP Authentication is not required, you assign users new passwords on MiCollab using roles and associated user templates.
On the directory server, ensure that the user data fields contain entries for the following attributes: samAccountName, givenName, sn, and distinguishedName. Otherwise, failed update errors are generated on MiCollab during the synchronization. If an employeeType field is not specified, the entry is sent to the detained queue.
In the MiCollab Users and Services application, create user templates for the various roles in the enterprise. In the templates, assign the phone and application services that you want to apply to the user data that is obtained from the directory server. In the templates, also set a password policy for the user data. You have the option of creating these templates from the UCC default templates.
In the MiCollab Users and Services application, create roles that correspond to the employeeType attribute entries on the directory service. You can create these roles from the UCC default roles. Note that when users are obtained from the directory server, if a user entry has a blank employeeType field, the update is sent to the detained user updates queue.
Create a connection to the directory server:
Under Configuration, click Integrated Directory Service.
Click Add connection. The Add Integrated Directory Service connection page opens.
Complete the fields to create a connection. When you configure the IDS Connection Parameters on MiCollab, transfer the "Current MiCollab Audio, Web and Video Conferencing LDAP Configuration Settings" that you recorded in the table above into the MiCollab IDS Connection page. See Manage IDS Connections for field descriptions.
If Active Directory Authentication is required, the Synchronization option must be enabled. Also, set the Connection Method to either TLS or TLS/SSL. The Connection Method cannot be Unsecured.
Note: To use SSL/TLS for IDS, LDAP over SSL must be enabled on the Active Directory server. See the following links for more information:
Click Save. MiCollab verifies the connection parameters and indicates if any errors are present.
Configure Active Directory Authentication if required.
Check the Enable authentication box beside the desired domain. You can only enable Active Directory Authentication on a single domain. So, if you want to select a different domain, you must first disable the currently selected domain.
Note: You can connect the Active Directory Authentication to a Global Catalogue on the domain controller. If multiple connections are used, and if those connections point to domains which are under the same forest, you can configure one connection to use the global catalogue. With global catalogue enabled, all users from all connections under the same forest should be able to authenticate. Note that using global catalogue limits the fields that can be used for synchronization.
Secure authentication requests are required as part of the IDS connection.
Click Save.
If your server is using the default LDAP attributes, you should not need to modify the IDS Attribute Mappings. However, if your server is using non-default LDAP attributes, you must modify the associated attribute mappings.
By default, user service data and Active Directory authentication are synchronized for all users. Specify any user records that you do not want to receive changes from the directory service. To prevent a user record from receiving updates from the directory server:
Under Applications, click Users and Services.
Locate the user using the Search function.
On the User tab in the Personal Information section, clear the IDS Manageable box.
Click Save.
Schedule synchronizations with the directory server database to occur on a regular basis during off-business hours (for example: daily at 12:00 am). These recurring synchronizations keep the MiCollab database up to date with database changes that are entered on the directory server.
Under Configuration, click Integrated Directory Service.
Click Edit next to the directory service connection. The Manage IDS connections page opens.
Ensure the Re-initialize on next cycle box is clear. The re-initialize option is only required for a full synchronization, and by default, is not required during initial configuration. It is typically used to recover from database corruption.
In the Schedule field, set the schedule using the drop-down menus.
Click Save.
Perform a full synchronization from MiCollab with the directory server database. The user entries are not distributed to the MiVoice Business because SPP is disabled.
Resolve any detained IDS updates on MiCollab. After the full synchronization is complete and you have resolved the detained updates, both the MiCollab and MiVoice Business databases match the directory server database.
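A pre-flight check for the directory attribute requirements described above, as an added example (not Mitel code): it reads an LDIF export of the users to be synchronized and separates entries missing samAccountName, givenName, sn or distinguishedName (which this procedure says generate failed update errors) from entries with no employeeType (which it says are sent to the detained queue). The LDIF input format, the sample entries and the function names parse_ldif and preflight are assumptions made for the illustration.

```python
import base64

# Attributes the page says every entry must carry (lower-cased for matching).
REQUIRED = ("samaccountname", "givenname", "sn", "distinguishedname")
SAMPLE_LDIF = """# constructed sample export, not real directory data
dn: CN=Ana Ruiz,OU=Staff,DC=example,DC=test
sAMAccountName: aruiz
givenName: Ana
sn: Ruiz
distinguishedName: CN=Ana Ruiz,OU=Staff,DC=example,DC=test
employeeType: Sales

dn: CN=Bo Chen,OU=Staff,DC=example,DC=test
sAMAccountName: bchen
givenName:: Qm8=
sn: Chen
distinguishedName: CN=Bo Chen,OU=Staff,
 DC=example,DC=test

dn: CN=svc-print,OU=Service,DC=example,DC=test
sAMAccountName: svc-print
employeeType: Service
"""

def parse_ldif(text):
    """Return one {attribute: [values]} dict per entry, attribute names lower-cased."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold continued lines
    entries = []
    for block in text.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if line.startswith("#") or not sep:
                continue
            if value.startswith(":"):  # "attr:: <base64>" holds a base64 value
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry.setdefault(name.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return [e for e in entries if e]

def preflight(text):
    """Group (dn, missing required attributes) by the outcome the page describes."""
    report = {"failed_update": [], "detained": [], "ok": []}
    for entry in parse_ldif(text):
        missing = [a for a in REQUIRED if not any(entry.get(a, []))]
        key = ("failed_update" if missing else
               "detained" if not any(entry.get("employeetype", [])) else "ok")
        report[key].append((entry.get("dn", ["<no dn>"])[0], missing))
    return report
```

Running preflight on an export taken before the full synchronization lets the directory entries be corrected at the source, which leaves fewer detained updates to resolve on MiCollab.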