Which of the following is not a benefit of integrating LDAP with UCM?
- LDAP users are automatically provisioned in UCM.
- LDAP users can be authenticated to UCM by using LDAP passwords.
- UCM applications can perform LDAP user lookups.
- LDAP passwords can be synchronized with UCM application users.
Lightweight Directory Access Protocol (LDAP) passwords cannot be synchronized with Cisco Unified Communications Manager (UCM) application users. LDAP synchronization with UCM does not apply to application users. For example, users of the Cisco Unified Personal Communicator application are manually provisioned by using the UCM graphical user interface (GUI) and cannot be created or managed automatically through the corporate directory like UCM users can be.
LDAP users being automatically provisioned in UCM is a benefit of integrating LDAP with UCM. When UCM is configured to synchronize with an LDAP directory, such as OpenLDAP or Microsoft Active Directory, the user ID and all user personal and organizational data that is stored in the LDAP directory, except for passwords, are replicated to the UCM database. It is important to note that the Cisco Directory Synchronization (DirSync) service must be activated before LDAP synchronization can take place.
When LDAP synchronization is configured, UCM configures the synchronized data as read-only data and acknowledges the LDAP directory as the central authority for creating and deleting user accounts. Therefore, UCM prevents administrators from using the UCM GUI to add and delete users. None of the data that was replicated to the UCM database can be modified by using the GUI. However, UCM user data that is not managed by the LDAP directory, such as the user’s password and personal identification number (PIN), can be modified in the UCM administrative GUI.
The ability for Cisco UCM applications, such as Unified Personal Communicator, to perform LDAP user lookups is a benefit of integrating LDAP with UCM. When LDAP directory lookups are enabled, not only can a Unified Personal Communicator client search for and view information in the LDAP directory, but the client can also add contacts from the LDAP directory to contact lists. Administrators can configure a limitless number of LDAP custom filters in UCM Administration to filter the results of LDAP searches.
LDAP users being authenticated to UCM by using LDAP passwords, which is also known as single sign-on (SSO), is a benefit of integrating LDAP with UCM. Although user personal and organizational data is not synchronized with the LDAP directory and can be modified separately from the LDAP directory, you can change the user password only by using the LDAP directory’s change-password tool. When a user attempts to authenticate with UCM, the user’s credentials are passed to the LDAP directory authentication service. If the credentials are correct, the user is authenticated and permitted to log in to the UCM GUI.