
Monday, 22 October 2012

Jabber for Windows Enhanced Directory integration (EDI) v1.1



How Jabber EDI works
Jabber passes all directory queries on to its OS's EDI API. It uses LDAP on port 3268 (Global Catalog). It's not just Jabber that can do this; many Windows apps use the same mechanism.

All this means that, from a configuration point of view, not a lot needs to happen, other than the machine being on the domain and the logged-in user being part of that domain.

Because it uses the OS's EDI API, I have found cases where I am deploying Jabber on a customer network (using a VPN), and then when I do a user search on a Jabber client registered on that customer's presence server, I find people in my own organisation. Since my laptop is already on my company's domain, it has already discovered my company's AD server. Because the Jabber client will pass AD directory lookups on to the EDI API, I am essentially searching my company's directory and not the directory of the customer that I am VPN'ed into. Cisco documentation states that Jabber should be looking at:


1. Environment variable: USERDNSDOMAIN
2. Registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Domain
3. Registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpDomain


So, when a Jabber client's platform is not in the domain, you will need to update the jabber-config.xml file manually to point to the desired server, as this will not be automatically discovered. This explicit definition can be done as follows:

<?xml version="1.0" encoding="UTF-8"?>
<config version="1.0">
  <Directory>
    <PrimaryServerName>192.168.22.10</PrimaryServerName>
    <ServerPort1>3268</ServerPort1>
    <UseWindowsCredentials>0</UseWindowsCredentials>
    <ConnectionUsername>ccjabber@company.local</ConnectionUsername>
    <ConnectionPassword>Passw0rd</ConnectionPassword>
  </Directory>
</config>


(To obtain this file, issue TFTP <CUCM ip address> get jabber-config.xml)

But as said in the beginning, to get EDI to work, you should NOT need to edit the jabber-config.xml file.  
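An added example (not part of the original post and not Cisco tooling): a small Python audit for a jabber-config.xml like the one shown above. Because the file is fetched over TFTP, which has no authentication, it flags an embedded ConnectionPassword along with a plain LDAP port and a hard-coded server IP; the function name and finding codes are assumptions made for this example.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample mirroring the <Directory> section shown above.
SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<config version="1.0">
  <Directory>
    <PrimaryServerName>192.168.22.10</PrimaryServerName>
    <ServerPort1>3268</ServerPort1>
    <UseWindowsCredentials>0</UseWindowsCredentials>
    <ConnectionUsername>ccjabber@company.local</ConnectionUsername>
    <ConnectionPassword>Passw0rd</ConnectionPassword>
  </Directory>
</config>"""

# Plain LDAP ports mapped to their LDAPS (implicit TLS) counterparts.
PLAIN_LDAP_PORTS = {"389": "636", "3268": "3269"}


def audit_jabber_config(xml_text):
    """Return (code, message) findings for the <Directory> section."""
    directory = ET.fromstring(xml_text.encode("utf-8")).find("Directory")
    if directory is None:
        # Nothing explicit: the client falls back to OS domain discovery (EDI).
        return [("EDI_DEFAULT", "no <Directory> section; OS domain discovery applies")]

    def get(tag):
        return (directory.findtext(tag) or "").strip()

    findings = []
    if get("ConnectionPassword"):
        # Report the account, never the password itself.
        findings.append(("PLAINTEXT_PASSWORD",
                         f"bind password for '{get('ConnectionUsername')}' is stored in clear text"))
    port = get("ServerPort1")
    if port in PLAIN_LDAP_PORTS:
        findings.append(("CLEARTEXT_PORT",
                         f"port {port} is a plain LDAP port (LDAPS counterpart: {PLAIN_LDAP_PORTS[port]})"))
    try:
        ipaddress.ip_address(get("PrimaryServerName"))
        findings.append(("HARDCODED_IP", "directory server is pinned by IP address"))
    except ValueError:
        pass  # a hostname (or empty value) is not flagged
    return findings


if __name__ == "__main__":
    for code, message in audit_jabber_config(SAMPLE):
        print(f"{code}: {message}")
```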

Please also note that in CUPS one can configure an LDAP server and LDAP profile and assign this to users. Make no mistake: this is not used for directory lookup or authentication on a Jabber for Windows (JFW) client!!!!! It is used for Android, iphone and ipad clients (please note that I am not using capitals for apple products).

This is because we have established that JFW passes these types of lookups and authentication requests on to either the EDI API or, alternatively, whatever is configured in the jabber-config.xml file (which has precedence).

One side note on JFW. I have had instances where I was unable to log into the client, because I used a domain name in one place and an IP address in the other to point to presence.

Before you log into the Jabber client, you can set the connection settings:  FILE > Connection settings.

Here you can define the name/IP address of the presence server:








As you can see I have used the name of the presence server:  cupspub

Whatever you fill in here HAS TO MATCH the name of the server in the CUPS topology configuration:






So the node name will need to match up with the hostname in the Connection settings in the client. In my particular case, because I am not on the customer domain, I will therefore need to add an entry in my hosts file to resolve the name cupspub. (And you do not want to know how long it took me to figure out that one, because as far as I know Cisco did not stipulate this anywhere.)
And that's all I am gonna say about that one.






5 comments:

  1. Nice writeup. I am setting up a Jabber on-premise environment. How do I configure the jabber-config.xml file to be used by both Jabber for Windows and for iPad, iPhone and Android, so that they use the same directory? I am using an LDAP-based AD directory.
    As of now, the directory type is set to EDI and it's working well on J4W.

  2. Kevin,

    Start off with configuring the CUCM device, so for instance an iPhone (Cisco Dual Mode for iPhone).
    In the main configuration page, you can configure parameters like LDAP server, LDAP search base, and UID and password, without the need of mucking around with the jabber-config.xml first.

  3. This comment has been removed by the author.

  4. Great tip. It helped me a lot.

    Thanks,
