I’ve seen some confusion regarding LDAP and Presence, why it’s used and how you configure it. I can see why it’s not clear considering you most likely have LDAP already configured in your Callmanager, so why configure it again? Let me break it down for you.
Let’s look at a brief overview. There are two types of LDAP functionality you can enable – Synchronization and Authentication.
Synchronization enables you to import end users from an LDAP server, such as Microsoft Active Directory. Why manually add every single end user in the Callmanager when you can just import an up-to-date list from the company’s Active Directory? When LDAP synchronization is enabled, the local database is still used for Authentication.
Authentication enables Unified CM to authenticate end user passwords against a corporate LDAP directory instead of using the local database. You can see the benefit of having a central system for handling both user and password management.
When you log in to the Presence web interface for the first time you will see a post-installation wizard. It will prompt you for the CUCM Publisher hostname, IP, cluster security password etc. It will also ask you for the CUCM AXL account username and password.
The Administrative XML (AXL) interface enables provisioning applications to remotely access configuration data stored in the Cisco Unified Communication Manager database. This includes Create, Read, Update, and Delete operations on objects such as gateways, users, devices, route-patterns and much more.
That means the Presence server will import all end users from the Callmanager using AXL. So you can see there is no need for the Presence server to Synchronize (import) end users from the Microsoft Active Directory.
Jabber for Mac / Personal Communicator
LDAP integration is actually not done for the Presence server itself, but rather for the Jabber for Mac / Personal Communicator client to perform user lookup.
This becomes even more apparent when you see that you configure LDAP profiles per user, and not globally for the entire CUP server.
There is no local database that the Jabber or CUPC client can use to search for users and find their details such as phone number, email address and photo. In order to find this information you must use LDAP.
Update: Cisco introduced UDS mode in Jabber for Windows, which allows you to use the Callmanager’s database for user lookup.
Callmanager / Presence LDAP scenarios
You integrate Cisco Unified Communications Manager and Cisco Unified Personal Communicator with an LDAP directory. Cisco strongly recommend this configuration.
You integrate Cisco Unified Communications Manager with an LDAP directory, but you do not integrate Cisco Unified Personal Communicator. Cisco do not recommend this configuration because it will impact Cisco Unified Personal Communicator functionality and you will experience performance issues.
You integrate Cisco Unified Personal Communicator with an LDAP directory, but you do not integrate Cisco Unified Communications Manager. Cisco do not recommend this configuration because you will have to manually configure all your users on Cisco Unified Communications Manager at initial installation, and each time a change is made on the LDAP directory.
Photos in Jabber for Mac / Personal Communicator
In order to see photos of users in your contact list you must first integrate LDAP with your Jabber for Mac / Personal Communicator.
Go to Application -> Cisco Jabber/Personal Communicator – LDAP Profile. Enter the username, password and user search base where your end users are located in the AD. Add end users to this profile or make it the default for the system.
Jabber for Mac supports fetching photos from an LDAP server with the jpegPhoto LDAP attribute. You may need to extend the schema of your AD to support this.
CUPC 8.x does not support fetching photos from LDAP.
Both Jabber for Mac and CUPC can also fetch photos from a web server.
Go to Application -> Cisco Jabber/Personal Communicator -> Settings.
Scroll down to LDAP Attribute Mapping. Select the LDAP server type from the drop-down menu. In the Photo field, enter the URL to the web server where your photos are stored, e.g. http://company-name.com/photos/%%sAMAccountName%%.jpg
If you are using Microsoft AD, use %%sAMAccountName%%.jpg; if you are using iPlanet, Sun ONE or OpenLDAP, use %%uid%%.jpg.
Upload the photos to the web server and make sure the filename is the same as the userid in the Active Directory.
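To check the last step before rollout, the following added example (not from Cisco or the original post) expands the Photo URL template for a list of user IDs and audits a photo directory for missing files, case mismatches and leftover photos. It assumes the %%attribute%% token is a plain string substitution; the user IDs and files are constructed sample data.

```python
import re
import tempfile
from pathlib import Path
from urllib.parse import quote

TOKEN = re.compile(r"%%(\w+)%%")  # %%attribute%% placeholder, as in the Photo field
TEMPLATE = "http://company-name.com/photos/%%sAMAccountName%%.jpg"  # from the article

def photo_url(template, attrs):
    """Expand the template into the URL to request (value URL-encoded; assumption)."""
    return TOKEN.sub(lambda m: quote(attrs[m.group(1)], safe=""), template)

def photo_filename(template, attrs):
    """File name the web server must hold for this user."""
    return TOKEN.sub(lambda m: attrs[m.group(1)], template.rsplit("/", 1)[-1])

def audit_photos(template, users, photo_dir):
    """Sort expected photo files into ok / case_mismatch / missing, plus orphans."""
    present = {p.name for p in Path(photo_dir).iterdir() if p.is_file()}
    by_lower = {name.lower(): name for name in present}
    report = {"ok": [], "case_mismatch": [], "missing": [], "orphan": []}
    matched = set()
    for attrs in users:
        want = photo_filename(template, attrs)
        if want in present:
            report["ok"].append(want)
            matched.add(want)
        elif want.lower() in by_lower:  # breaks on a case-sensitive web server
            found = by_lower[want.lower()]
            report["case_mismatch"].append((want, found))
            matched.add(found)
        else:
            report["missing"].append(want)
    report["orphan"] = sorted(present - matched)  # photos with no directory user
    return report

def demo():
    """Run the audit over constructed users and a constructed photo directory."""
    users = [{"sAMAccountName": n} for n in ("jsmith", "alee", "mbrown")]
    with tempfile.TemporaryDirectory() as d:
        for name in ("jsmith.jpg", "ALee.jpg", "old_user.jpg"):
            (Path(d) / name).write_bytes(b"")
        return audit_photos(TEMPLATE, users, d)

if __name__ == "__main__":
    for bucket, items in demo().items():
        print(bucket, items)
```

Orphaned files are worth removing, since the photo of a user who has left the directory otherwise stays retrievable from the web server.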