uOne interfaces with the directory server using the LDAP protocol. The primary use of the directory server is to store user profile information. Administration of the directory server is accomplished through the vendor-supplied tools and Cisco's telephone-based, web-based, and command line tools. Cisco tools include:
The Community of Interest (COI) feature is in large part a function of the directory server. This feature, similar in concept to a Virtual Private Network (VPN), allows the uOne application to provide a set of subscribers with the appearance of having their own service, even though they share the same directory and messaging servers with others. This feature will be discussed at the end of this chapter.
It is possible to administer the Directory server without using the Cisco tools, but it is not recommended. The Cisco tools coordinate the administration of multiple servers and apply rules and error checking. Specifically, changing a subscriber password with a non-Cisco tool can cause loss of synchronization, resulting in failed logins via the telephone interface.
Note: The following information will be required when administering uOne. You should document this for every directory server.
| What | Description | Where to find it |
|---|---|---|
| | The fully qualified hostname of the server | |
| | The LDAP distinguished name of the LDAP "superuser" | Rootdn entry in the slapd.conf [2] file. |
| | LDAP port number. Defaults to 389. | Port entry in the slapd.conf [2] file. |
| | LDAP password for the LDAP "superuser" | Rootpw entry in the slapd.conf [2] file (if not encrypted). |

[1] Assumes use of a UNIX-like operating system.
[2] Assumes use of Netscape Directory Server.
The uOne Administration package must be installed on the gateserver or the web administration host.
Note: Please see "Notes on Software.com" for information on configuring Software.com's Intermail.
Step 2 Place cisco-schema.conf in the directory containing other schema configuration files (e.g., /home2/server4/slapd-<hostname>/config).
Step 3 Incorporate the attributes and objectclass definitions from cisco-schema.conf into your existing schema definition. Do this by using an include directive within the slapd.conf file to include cisco-schema.conf.
The following table (Table 3-2) provides the requirements for directory server configuration.
| | |
|---|---|
| Messaging Server Requirements | If you are using a directory-enabled messaging server, the directory must contain whatever entries and attributes are required for the directory-enabled messaging server used with it. For example, Netscape Messaging Server 4.x requires a Postmaster entry and an entry for each subscriber. Use of uOne administration to add subscribers will ensure that they contain the proper entries and attributes. Consult the messaging server product documentation for details. |
| Security | The userpassword attribute should be encrypted (preferably with Secure Hash Algorithm). Some directory servers (e.g., Netscape Directory Server 4.x) automatically encrypt userpassword by default. In the case of Netscape Directory Server 4.x, use the default, Secure Hash Algorithm. To ensure security, the directory should be configured to allow only the LDAP superuser (sometimes referred to as the rootdn or "Directory Manager"), administrators, or the owners themselves to access the password, umpassword, and userpassword attributes. |
| | Certain directory servers (e.g., Netscape Directory Server) provide configurable limits (e.g., look-through and size) on the number of LDAP entries that can be returned from an LDAP search. The broadcast message feature requires that these limits be configured to at least the number of recipients of the broadcast message list (this can be as large as the number of subscribers in the directory server, less those that are administrative or AMIS-A). For example, if there are 100 uOne accounts, including two admin accounts and no AMIS-A, then the limits must be configured to at least 98. If the Netscape Directory server limits are configured too low, only a subset of the intended subscribers will receive the broadcast message. |
| Cache | Directory server cache settings should be configured high enough for the number of entries in the directory server and the total bytes contained in those entries. In the case of Netscape Directory Server 4.x, these settings can be found under the Performance tab. For a system with 1,000 subscribers, we have found the following cache sizes to be appropriate: Maximum Entries in Cache: 2,500. Maximum DB Cache: 300,000. Scale the values in proportion to the expected number of subscribers. |
| File Descriptors | If you need to support a large number of simultaneous LDAP sessions to your directory server, it may be necessary to configure your operating system to allow a larger number of file descriptors in a process. Be sure to increase both hard and soft limits (if applicable) for file descriptors, because some directory servers require both limits to be raised. |
| Indexing | Certain attributes must be indexed according to the LDAP attributes for uOne, which are available in the table containing LDAP Attributes. Lack of proper indexing causes unacceptable search performance with a large database. On the other hand, setting up more indexing than necessary creates needless overhead on adds, deletes, and modifies, and requires extra directory server cache space. |
| Logging | Disable diagnostic trace logging in the directory server (e.g., access logging in Netscape Directory server) to avoid processing overhead and disk overflow. |
Service Providers (SPs) may want to provide service to different customers and leverage the same equipment. These customers want the appearance that they are actually providing their own set of services, although in reality the services are provided by the SP, and the customers are, in effect, acting as a reseller of these services. This allows each reseller to provide their corporation's own greetings, directories, etc. SPs want to have administrative control over the entire system. However, they also want to be able to delegate administrative responsibilities to their customers (resellers) to control administration for these communities of users.
An important requirement is that COI trees cannot contain other COIs. COIs can, however, be grouped below an intermediate level node (ILN). An ILN is a node (in the hierarchy) between the top level node and a COI node. ILNs typically represent resellers.
Use of the Quick Configuration tool automatically creates initial directory content suitable for use with Netscape Messaging Server 4.x and Software.com InterMail KX and MX. The Quick Configuration tool (quickconf) ensures all of the following requirements are met. This initial content allows you to begin using uOne Administration. Please use quickconf rather than manual configuration when possible. See the uOne Gateserver Installation and Configuration Manual for more information. The examples below use Netscape ACI syntax. Other directory servers use other syntaxes.
Note: Any of the sample snapshots that contain long lines requiring continuation are shown such that the continuing line starts with a " " (space). This is the continuation syntax supported by the LDIF file format.
You must ensure that an ou of "Directory Administrators" exists directly below your top level suffix/searchbase. For example, you must have the DN: ou=Directory Administrators,o=<domain>. Depending on how you install Netscape Directory server, this ou may or may not be created for you. Please verify the existence of this ou before running the ldapsetup.sh script created by the Quick Configuration Tool. If this ou is not present, please create it before running the ldapsetup.sh script. You can create the ou using Netscape Console.
To allow initial use of uOne Administration, you must meet all of the above requirements. Please use the Quick Configuration tool to do so.


In addition, self entry modification (i.e., write permission) should be granted via a base-level ACI. This allows users who bind and authenticate successfully as a DN to modify that DN.

Some software may bind to the directory server anonymously. To support this, you must configure the directory server to allow anonymous read, search, and compare access to subscriber entries (including the Postmaster entry). Sufficient anonymous access can be set up via the following ACI (note that it does not allow access to the userpassword attribute).
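The following Python check is an added example, not part of the Cisco documentation or tools. It unfolds LDIF continuation lines, parses ACIs written in Netscape ACI syntax, and reports any allow rule that gives anonymous (`ldap:///anyone`) or all bound users (`ldap:///all`) access to the `password`, `umpassword`, or `userpassword` attributes. The `o=example.com` suffix, the ACI names and both LDIF samples are constructed for illustration.

```python
import re

# Attributes the page restricts to the rootdn, administrators, or the entry owner.
PROTECTED = {"password", "umpassword", "userpassword"}
# Netscape ACI subjects broader than that: anonymous, and any authenticated user.
BROAD_SUBJECTS = ('"ldap:///anyone"', '"ldap:///all"')

# Matches: (targetattr OP "a || b")(version 3.0; acl "name"; allow|deny (rights) bindrule;)
ACI_RE = re.compile(
    r'\(\s*targetattr\s*(?P<op>!?=)\s*"(?P<attrs>[^"]*)"\s*\)'
    r'.*?\bacl\s+"(?P<name>[^"]*)"\s*;\s*'
    r'(?P<verb>allow|deny)\s*\((?P<rights>[^)]*)\)\s*(?P<bind>[^;]*);',
    re.IGNORECASE | re.DOTALL,
)

# Constructed sample: the anonymous rule excludes only userpassword.
WEAK_LDIF = '''\
dn: o=example.com
aci: (targetattr != "userpassword")(version 3.0; acl "Anonymous read";
  allow (read, search, compare) userdn = "ldap:///anyone";)
aci: (targetattr = "*")(version 3.0; acl "Self write";
  allow (write) userdn = "ldap:///self";)
aci: (targetattr = "*")(version 3.0; acl "COIA admins"; allow (all)
  groupdn = "ldap:///cn=COIA Administrators,o=example.com";)
'''

# Constructed sample: the anonymous rule excludes all three password attributes.
HARDENED_LDIF = '''\
dn: o=example.com
aci: (targetattr != "userpassword || umpassword || password")(version 3.0;
  acl "Anonymous read"; allow (read, search, compare)
  userdn = "ldap:///anyone";)
'''


def unfold(ldif_text):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def targeted_protected(op, attrs):
    """Return the protected attributes that a targetattr expression covers."""
    listed = {a.strip().lower() for a in attrs.split("||")}
    if op == "=":
        return set(PROTECTED) if "*" in listed else PROTECTED & listed
    return PROTECTED - listed  # "!=" targets every attribute except those listed


def audit(ldif_text):
    """Lint only: ignores deny precedence and the target DN; review each finding."""
    findings, unparsed = [], []
    for line in unfold(ldif_text):
        if not line.lower().startswith("aci:"):
            continue
        value = line[4:].strip()
        m = ACI_RE.search(value)
        if m is None:
            unparsed.append(value)  # no targetattr or unexpected layout: check by hand
            continue
        bind = m["bind"].lower().replace(" ", "")
        broad = any(subject in bind for subject in BROAD_SUBJECTS)
        leaked = targeted_protected(m["op"], m["attrs"])
        if m["verb"].lower() == "allow" and broad and leaked:
            findings.append((m["name"], sorted(leaked)))
    return findings, unparsed


if __name__ == "__main__":
    for label, sample in (("weak", WEAK_LDIF), ("hardened", HARDENED_LDIF)):
        print(label, audit(sample))
```

Run it against an LDIF export of the suffix entry and each community subtree; an entry in the second list is an ACI the parser could not read and needs manual review.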

In order to use uOne Administration, you must create a group with "cn=UMSA Administrators" having as members the LIP entry DNs of uOne subscribers or administrators who are allowed to access uOne Administration. For example, you could add the DN of your LIP entry to the UMSA Administrators group to allow yourself access to uOne Administration using your e-mail address and password. The UMSA Administrators group should be placed at the base level.

You must also allow the appropriate users (i.e., member DNs in the UMSA Administrators group) to administer the appropriate communities of interest. This is so even if you are only using a single community. To accomplish this, you must create a group for each community subtree containing the LIP entry DNs of uOne subscribers or administrators who are allowed to administer that ILN/COI.

You must allow each such group all forms of access to its community subtree for all attributes and for the simple authentication method via an ACI.

You should limit community of interest (COI) specific groups to only their own community. That is, you should prevent ILN/COI administrators of one community subtree from accessing other community subtrees. For example, if you had both COIA and COIB subtrees, you should prevent COIA's administrators from accessing the COIB subtree and vice-versa. An example ACI that prevents a group of subtree administrators from accessing other subtrees is:

Additional COIs expand on the idea of providing a set of subscribers with the appearance of having their own services, even though they share the same set of systems with others. In effect, it appears as though each set of subscribers is on its own private system. When they dial into the system, the only subscribers they can see (interact with) are those administered in their own COI. When they call into the system, they will hear the Welcome Greeting for their COI. When they address messages to other subscribers, they will only see subscribers in their own COI. Broadcast messages and COS(s) only apply to their own COI as well.
The COI feature is based on the directory tree structure and features of the directory server. The directory is basically a tree structure with different levels. A COI is defined by a specific point (root node) in the tree. The COI is allowed to interact with those at or below its node. Users within a COI are restricted from seeing outside this domain (community).
Additional communities should only be added after a single COI has been configured (which can be done via the Quick Configuration tool) and tested. For more information on administering COIs, please refer to the Setting Up Communities of Interest chapter in the uOne Administration Manual.
Note: Attributes in bold must be indexed according to the Index Setting column.
| Attribute Name | Attribute Meaning | Valid Values and Defaults | Index Setting |
|---|---|---|---|
| | Defines the actions for DTMP when a mailbox is set up as an autoattendant. AutoAttendant is not a supported feature of uOne 4.x. | Default = N/A | None |
| | Whether uOne should accept messages for the subscriber while the subscriber is on vacation. | Yes/No. Default = N/A | None |
| | The active greetings. Created and modified by uOne. | SpokenName, Extended_Absence, AllCalls, OutOfHours, Busy, NoAnswer, SNRGreeting. Default = N/A | None |
| | Pointer to the message admin account for the subscriber - used by uOne to get greeting/distlist related info. | The uniqueidentifier of the Greeting Administrator account for the subscriber. Default = N/A | None |
| | The alternative mail address. | Any RFC822 compliant mail address. Default = N/A | Equality |
| | Present only in the LIP entry for an EVMU. Subscribers do not have this attribute present in their respective LDAP entries. | The remote system's four-, five-, seven-, or ten-digit ID for the EVMU. Default = N/A | Presence |
| | Authority name used to create the uniqueidentifiers for the subscribers. | Any string. Default = N/A | Equality |
| | This mailbox is currently set up as an autoattendant. AutoAttendant is not a supported feature of uOne 4.x. | Default = N/A | None |
| | Allows subscribers to set up their mailbox as an autoattendant. AutoAttendant is not a supported feature of uOne 4.x. | Default = N/A | None |
| | Whether to start playing new messages automatically after successful login. | Yes/No. Default = No | None |
| | Serves as a counter for the subscriber's consecutive failed login attempts. | Default = 0 | None |
| | This is the same as the primary telephonenumber of the subscriber and is associated with the mailbox. | Primary telephonenumber of the subscriber. Default = N/A | Equality, Presence |
| | When enabled, allows the sender of a broadcast message to set expiration (in days). | On/Off. Default = N/A | None |
| | When enabled, allows the sender to set MWI with a broadcast message. | Currently, can only be set to Off. Default = Off | None |
| | Country | Any string. Default = N/A | None |
| | Enables a caller to transfer a call to another subscriber. | yes/no. Default = no | None |
| | Enables a caller to transfer to coverage (receptionist/attendant). | yes/no. Default = no | None |
| | Common name of the subscriber. Typically it is the first name followed by the last name of the subscriber. | Any name that is used to identify a subscriber. Default = N/A | Equality, Presence, Substring |
| | The Class Of Service for the subscriber. | Used to get the COS attribute values for a subscriber. Default = 0 | Equality, Presence |
| | Contains the dn of the COS the subscriber belongs to. | A valid DN. Default = N/A | None |
| | Name of Class of Service. | String up to 60 characters. Default = N/A | None |
| | Coverage telephonenumber for the subscriber - if not created, can be created from uOne. | A valid telephone number which will act as the coverage phonenumber for the subscriber. Default = N/A | None |
| | Member of the distribution list. uOne creates and maintains it. | For Netscape Messaging server: mgrpRFC822mailmember. Default = N/A | None |
| | Description of the distribution list. | Any string. Default = N/A | None |
| | Percent setting for warning subscribers of the remaining disk space. | .01 - .99. Default = no warning | None |
| | Maximum allowed number of entries in a distribution list. | A valid integer <= 150. Default = 100 | None |
| | Maximum allowed number of distribution lists for a subscriber. | A valid integer. Default = 10 | None |
| | End of message warning threshold in seconds. When EOMsgWarning seconds of time remain, the warning is issued. Then the caller may record up to EOMsgWarning more seconds. | Valid time in sec. Default = 30 sec. | None |
| | The default outbound fax number. Can be a duplicate in the directory. | A valid telephone number. Default = N/A | None |
| | Stores the uniqueidentifier of the Fax Administration user account for the subscriber. | The format of storage is the same as that for the admininfo field. Default = None | None |
| | Whether or not faxes should be automatically sent to a fax machine. | Yes/No. Default = No | None |
| | The telephone number of the destination fax machine when FaxAutoForward is set to yes. | Default = N/A | None |
| | Enables fax messages to be inventoried during the login process. | Yes/No. Default = No | None |
| | Gender of the subscriber. | M/F. Default = None | None |
| | Maximum length of time allowed for a recorded greeting message. Currently not in use. | Default = 60 | None |
| | Defaults to the SMPP Center value if no value is present in the subscriber's SMS record. | An integer 0 - 255. Default = N/A | None |
| | Defaults to the SMPP Center value if no value is present in the subscriber's SMS record. | An integer 0 - 255. Default = N/A | None |
| | The inbound fax number used by uOne to "fax into" a mailbox. Has to be unique in the directory (aka phantom fax number). | A valid telephone number. Default = N/A | None |
| | Include spoken name in messages. | Yes/No. Default = N/A | None |
| | The valid days of the work week for the subscriber. | 0123456 for Sunday through Saturday. Default = 12345. | None |
| | The end of the business hour during the business days of the week. | 00-2400 (minutes on a 24-hr. clock). Default = 1700. | None |
| | The start of the business hours during the business days of the week. | 00-2400 (minutes on a 24-hr. clock). Default = 0830 | None |
| | The location code of a subscriber. Used in broadcast message LDAP filters. | By convention, any number in the form of X or XX. Default = N/A | Equality |
| | The e-mail address of the subscriber. Should be unique in the whole directory. | <userid>@<domain_name>. Default = N/A | Equality, Substring |
| | Identifies an alternative e-mail address for a subscriber. Used in uOne Administration/PMA for processing faxes destined for a particular fax phone number. Those faxes will be forwarded to this address. This attribute is a Netscape extension used by the Messaging Server to match a mail address to a user. | Valid e-mail address. Default = N/A | Equality |
| | Value of the maximum number of failed logins allowed across multiple sessions prior to locking subscriber's mailbox. | Default = 6 | None |
| | Maximum number of SNR numbers to try. | Default = 3 | None |
| memberdescr | Used to store HTML form input settings for PMA distribution list configuration. | Default = N/A | None |
| | Whether to speak the inventory of messages at login. Currently not in use. | Yes/No. Default = N/A | None |
| | Links a subscriber's LIP record to a subscriber's SMS information record. | Subscriber's primary telephone number. | None |
| | The messaging server holding the subscriber's messages. | A valid hostname with a fully qualified domain name. Default = N/A | None |
| MWIenable | With default, UM agent will not attempt to turn off MWI when MWI is not configured. | Yes/No. Default = No | None |
| | DTMF equivalent of the person's first name followed by the last name. | Sequence of digits. Default = N/A | Equality, Presence |
| | DTMF equivalent of the person's last name followed by the first name. | Sequence of digits. Default = N/A | Equality, Presence |
| | Notification expiration time in hours. | An integer 0 - 300. Default = N/A | None |
| | Notification e-mail address. | A valid e-mail address. Default = N/A | None |
| | Detailed message notification provides details about the specific message received. Message Count notification provides the number of unread messages by type. | Detailed, Message Count. Default = Detailed | None |
| | A number for the device, whether it is a phone number or pager PIN. | Valid phone number or pager PIN. Default = N/A | None |
| | A number for the device, whether it is a phone number or pager PIN. | Valid phone number or pager PIN. Default = N/A | None |
| | A number for the device, whether it is a phone number or pager PIN. | Valid phone number or pager PIN. Default = N/A | None |
| | A number for the device, whether it is a phone number or pager PIN. | Valid phone number or pager PIN. Default = N/A | None |
| | A number for the device, whether it is a phone number or pager PIN. | Valid phone number or pager PIN. Default = N/A | None |
| | A number for the device, whether it is a phone number or pager PIN. | Valid phone number or pager PIN. Default = N/A | None |
| | Numbering Plan Indicator. Defaults to the SMPP Center value if no value is present in the subscriber's SMS record. | An integer 0 - 255. Default = N/A | None |
| | Organization | Any string. Default = N/A | None |
| | Organizational Unit | Any string. Default = N/A | None |
| | Subscriber's PIN number. Depending on the subscriber's paging service, the PIN number may be the last 7 digits of the subscriber's phone number or a unique PIN number provided by the paging service. | Valid PIN number. Default = N/A | Equality |
| | E-mail address for subscriber's pager. | A valid e-mail address. Default = N/A | None |
| | Determines whether the new message notification paging feature is on or off. See also SNRPager Enabled. | Yes/No. Default = No | None |
| PagerPIN | Not currently supported by uOne Administration. Subscriber's pager password, if needed. Most pagers will not. | Valid password. | None |
| | Type of pager that uOne will support. | Numeric or alphanumeric. | None |
| | The provider of the subscriber's paging service. | Valid paging service provider name. Default = N/A | None |
| | Maximum length for the uOne (DTMF) password. | Any number between 4 and 8. Default = 4 | None |
| | Minimum length for the uOne (DTMF) password. | Any number between 4 and 8. Default = 4 | None |
| | The Cisco encrypted e-mail password. When encrypted, this matches the unencrypted value of the userpassword attribute. | Input range: 4 - 8 alphanumeric characters. Default = N/A | None |
| | Maximum length for the telephone password. | Any number between 4 and 8. Default = 4 | None |
| | Minimum length for the telephone password. | Any number between 4 and 8. Default = 4 | None |
| | Contains the section name within the Rules.<hostname> for dial string generation. | Any section name in Rules.<hostname> file, or blank. Default = N/A | None |
| | When phone number input has a length of 4, 5, or 7 digits, the number is expanded to the 10-digit phone number according to the rules set up in this section of the Rules.<hostname> file. When the input length is 10 or 11 digits, the following rules apply: 10-digit: this will be the final 10-digit phone number; 11-digit: strip out the first digit from the phone number, and the result will be the final 10-digit phone number. | Any section name in Rules.<hostname> file, or blank. Default = N/A | None |
| phonetype | All telephone numbers for a particular mailbox can be configured separately for phonetype. | Cellular or Landline. Default = Landline | None |
| | Whether to play the header information when playing messages. | Yes/No. Default = No | None |
| | Preferred date format for notification. | mm/dd/yyyy, dd/mm/yyyy, yyyy/mm/dd. Default = mm/dd/yyyy | None |
| | Defines a subscriber's preferred written or spoken language. The value for this attribute should conform to the syntax for HTTP Accept-Language header values. This value is used as the prompt as well as the TTS language within uOne. | Default = eng | None |
| | Preferred time format for notification. | Default = N/A | None |
| | If the value is set to No, whenever the user returns to the main menu (*1, *2), uOne skips playing the message inventory. When it is set to Yes, it plays the message inventory. | Yes/No. Default = No. | None |
| secondaryphonenumber | Up to four secondary phone numbers are available per mailbox/user. Each telephone number must be unique throughout the entire database, not just per subscriber. | Any valid telephone number. Default = N/A | Equality |
| | SMPP Center Identifier. | List of available SMPP Centers. Default = None | None |
| | SMPP IP Address in format xxx.xxx.xxx.xxx. | Valid IP address where xxx is 0 - 255. Default = N/A | None |
| | SMPP Port Address. | An integer between 0 - 32768. Default = N/A | None |
| SMSNumber | The phone number for the SMS service. Currently, this number is the same as the subscriber's primary telephone number. | Default = Subscriber's primary telephone number. | None |
| | Surname. Typically, the customer's last name. | Any string. Default = N/A | None |
| | This is the Personal Access telephone number. | Any valid telephone number. Default = N/A | Equality |
| | Contains the file name of a special .ini file for PA subscribers. | Any valid file name. | None |
| | Single-number reach value - a telephonenumber value used by the application to reach the subscriber during business hours on business days. | A valid telephone number. Default = N/A | Presence |
| | Single-number reach service enabled. | Yes/No. Default = No | None |
| | A telephone number similar to SNR, except for non-business days. | A valid telephone number. Default = N/A | None |
| | A telephone number similar to SNR, except for non-business hours. | A valid telephone number. Default = N/A | None |
| | Indicates the status of the subscriber's SNR paging service. | Yes/No. Default = No | None |
| | The number of rings SNR will allow before trying the next SNR telephone number or, lastly, a pager. | Range: 2-5. Default = 3 | None |
| | Indicates whether a COS has the Single-number reach service feature. | SNR/NONE. Default = NONE | None |
| | Indicates whether a COS has the streaming feature. | Yes/Yes_premium/No | None |
| | Subscriber's time zone setting. | Allowed time zones. Default = EST5EDT | None |
| | Enables subscribers to transfer calls. | Yes/No. Default = No | None |
| | LDAP search base uOne will use for its directory searches. This indicates the COI. | A valid DN. Default = N/A | None |
| | See billingnumber. | Any valid telephone number. Default = N/A | Equality, Presence |
| | Type of number. Defaults to the SMPP Center value if no value is present in the subscriber's SMS record. | An integer 0 - 255. Default = N/A | None |
| | Enables the e-mail TTS feature. | Yes/No. Default = No | None |
| | Contains the uOne (DTMF) password of a subscriber in encrypted form. | Input Range: 4-8 characters. Default = 1234 | None |
| | Concatenation of a handle issuing authority with a 16-digit unique number with # used to separate the two, and is persistent for the life of the entry in LDAP. This handle uniquely identifies the subscriber. | 16-digit number prefixed with an authority name and a #. Default = N/A | Equality |
| | A 16-digit number used in creating the uniqueidentifier. Incremented by 1 after being used. | Default = 1 | None |
| | Used by uOne to track first time user password change and the initial greeting status. | 0 - 7. Default = 0. | None |
| | The IMAP password for the user. Cannot be modified from uOne. PMA or uOne Administration allows for modification. Do not use vendor-supplied software to change the user password, since such software does not synchronize the password attribute to the new password. | Input format: An alphanumeric value - up to 8 characters long. Default = No Default | None |
| | Title for administrators. | GrtAdmin. Default = None | Equality, Presence, Substring |
Posted: Mon Sep 25 20:29:51 PDT 2000
Copyright 1989-2000©Cisco Systems Inc.