Monday, February 11, 2013

Jabber Deployment Considerations: Authentication

One of the big hurdles to CUP/Jabber deployment in the past was the requirement for Active Directory or LDAP integration for authentication.  For deployments with significant amounts of CUCM local users, this added additional complexity from a deployment perspective, requiring conversion to LDAP or AD based user accounts.  To remedy this, the User Data Service (UDS) was added to CUCM versions 8.6.2 and above which allows Jabber clients to not only authenticate against the CUCM local user database, but also search directory information in CUCM.  Now, organizations can deploy CUP and Jabber clients more rapidly without re-architecting their authentication mechanisms in their UC environment.

To implement UDS:

http://www.cisco.com/en/US/docs/voice_ip_comm/jabber/Windows/9_0_1/b_jabber_win_icg_chapter_01.html#JABW_RF_CE1A16F9_00

Enable Integration with UDS

To enable integration with UDS, you perform the following steps:
  1. Create your directory source in Cisco Unified Communications Manager.
  2. Synchronize the contact data to Cisco Unified Communications Manager.
  3. Specify UDS as the value of the DirectoryServerType parameter in your Cisco Jabber for Windows configuration file.
  4. Upload the modified jabber-config.xml file to the TFTP server and restart the TFTP service.
For testing purposes, simply modify the file on one client to make sure it works before uploading the custom jabber-config.xml file to TFTP for all to use.

Cisco Jabber for Windows caches configuration files in the following locations:


Microsoft Windows 7
%USERPROFILE%\AppData\Roaming\Cisco\Unified Communications\Jabber\CSF\Config
Microsoft Windows XP
%SYSTEMROOT%\Documents and Settings\user_name\Application Data\Cisco\Unified Communications\Jabber\CSF\Config


For assistance with the contents of the jabber-config.xml file, consult the Jabber for Windows Admin Guide.  Essentially, you are just adding:
<Directory>
  <DirectoryServerType>UDS</DirectoryServerType>
 </Directory>
Your environment may require additional attributes for photo retrieval, but in general, this will make Jabber clients authenticate to CUCM using CUCM user accounts.

There is also a great tool on the Cisco Support forums that helps generate the file.