Which of the following is not a benefit of integrating LDAP with UCM?
A.
LDAP users are automatically provisioned in UCM.
B.
LDAP users can be authenticated to UCM by using LDAP passwords.
C.
UCM applications can perform LDAP user lookups.
D.
LDAP passwords can be synchronized with UCM application users.
Explanation:
Lightweight Directory Access Protocol (LDAP) passwords cannot be synchronized with Cisco Unified
Communications Manager (UCM) application users. LDAP synchronization with UCM does not apply to
application users. For example, users of the Cisco Unified Personal Communicator application are manually
provisioned by using the UCM graphical user interface (GUI) and cannot be created or managed automatically
through the corporate directory like UCM users can be.
LDAP users being automatically provisioned in UCM is a benefit of integrating LDAP with UCM. When UCM is
configured to synchronize with an LDAP directory, such as OpenLDAP or Microsoft Active Directory, the user ID
and all user personal and organizational data that is stored in the LDAP directory, except for passwords, are
replicated to the UCM database. It is important to note that the Cisco Directory Synchronization (DirSync)
service must be activated before LDAP synchronization can take place.
When LDAP synchronization is configured, UCM configures the synchronized data as read-only data and
acknowledges the LDAP directory as the central authority for creating and deleting user accounts. Therefore,
UCM prevents administrators from using the UCM GUI to add and delete users. None of the data that was
replicated to the UCM database can be modified by using the GUI. However, UCM user data that is not
managed by the LDAP directory, such as the user’s password and personal identification number (PIN), can be
modified in the UCM administrative GUI.
The ability for Cisco UCM applications, such as Unified Personal Communicator, to perform LDAP user lookups
is a benefit of integrating LDAP with UCM. When LDAP directory lookups are enabled, not only can a Unified
Personal Communicator client search for and view information in the LDAP directory, but the client can also
add contacts from the LDAP directory to contact lists. Administrators can configure a limitless number of LDAP
custom filters in UCM Administration to filter the results of LDAP searches.
LDAP users being authenticated to UCM by using LDAP passwords, which is also known as single sign-on
(SSO), is a benefit of integrating LDAP with UCM. Although user personal and organizational data is not
synchronized with the LDAP directory and can be modified separately from the LDAP directory, you can change
the user password only by using the LDAP directory’s change-password tool. When a user attempts toauthenticate with UCM, the user’s credentials are passed to the LDAP directory authentication service. If the
credentials are correct, the user is authenticated and permitted to log in to the UCM GUI.Cisco: LDAP Directory Integration: LDAP Authentication
Cisco: LDAP Directory Integration: LDAP Synchronization