Questions on Corporate Directory in Convergence

Similar Messages

• Convergence - corporate directory questions

  We need Convergence to search an external corporate directory. Our external directory is populated by a more authoritative database, and the data is sanitized to not contain restricted (FERPA) data.
  1. When will support for an external corporate directory be added to Convergence?
  2. How do you disable the default option to search the Corporate Directory? We can't allow users to search the backend ldap server, and it is misleading to have it present in the interface.
  3. Ideally, we want this to be configured on a per domain basis, since some of our domains will need to search a different corporate directory. Will there be a way to add dojo customizations to change which directory(s) will be searched?
  Jesse

  jessethompson wrote:
  We need Convergence to search an external corporate directory. Our external directory is populated by a more authoritative database, and the data is sanitized to not contain restricted (FERPA) data.
  1. When will support for an external corporate directory be added to Convergence?You can achieve this already e.g.
  ./iwcadmin -w password -o ab.corpdir.[default].ldaphost -v "remoteldap.domain.com"
  ./iwcadmin -w password -o ab.corpdir.[default].ldapport -v 389
  ./iwcadmin -w password -o ab.corpdir.[default].ldapbinddn -v 'cn=Directory Manager'
  ./iwcadmin -w password -o ab.corpdir.[default].ldapbindcred -v 'password'Side Note: I just logged a new bug with regards to attempting to configure a failover ldaphost system using the steps above -- a single ldaphost does work however:
  bug #6825805 - "Failover corporate LDAP server not configurable"
  2. How do you disable the default option to search the Corporate Directory? We can't allow users to search the backend ldap server, and it is misleading to have it present in the interface.There is an option to enable/disable the Corporate Address-book, unfortunately it doesn't work, at least not in my pre-release patch -07 test installation:
  ./iwcadmin -w password -o ab.corpdir.[default].enable -v falsebug #6825820 - "Disabling Corporate Directory causes Convergence to hang during loading of interface"
  3. Ideally, we want this to be configured on a per domain basis, since some of our domains will need to search a different corporate directory. Will there be a way to add dojo customizations to change which directory(s) will be searched?It is already possible to configure per-domain settings for corporate/personal addressbooks. For example I created a new domain (another.domain.com) and set the following:
  ./iwcadmin -w password -o ab.{another.domain.com}.psrootpattern -v 'ldap:///piPStoreOwner=%U,o=%D,o=PiServerDb'
  ./iwcadmin -w password -o ab.{another.domain.com}.pstore.defaultserver -v domainid1
  ./iwcadmin -w password -o ab.{another.domain.com}.pstore.[domainid1].ldaphost -v remoteldap.domain.com
  ./iwcadmin -w password -o ab.{another.domain.com}.pstore.[domainid1].ldapport -v 389
  ./iwcadmin -w password -o ab.{another.domain.com}.pstore.[domainid1].ldapbinddn -v "cn=Directory Manager"
  ./iwcadmin -w password -o ab.{another.domain.com}.pstore.[domainid1].ldapbindcred -v password
  ./iwcadmin -w password -o ab.{another.domain.com}.maxpagedsearch -v 10
  ./iwcadmin -w password -o ab.{another.domain.com}.corpdir.[corpdomainid1].urlmatch -v ldap://corp-directory1
  ./iwcadmin -w password -o ab.{another.domain.com}.corpdir.[corpdomainid1].searchattr -v 'entry/displayname,@uid'
  ./iwcadmin -w password -o ab.{another.domain.com}.corpdir.[corpdomainid1].lookthrulimit -v 3000
  ./iwcadmin -w password -o ab.{another.domain.com}.corpdir.[corpdomainid1].ldaphost -v remoteldap.domain.com
  ./iwcadmin -w password -o ab.{another.domain.com}.corpdir.[corpdomainid1].ldapport -v 389
  ./iwcadmin -w password -o ab.{another.domain.com}.corpdir.[corpdomainid1].ldapbinddn -v "cn=Directory Manager"
  ./iwcadmin -w password -o ab.{another.domain.com}.corpdir.[corpdomainid1].ldapbindcred -v passwordThe options above are described here:
  http://wikis.sun.com/display/CommSuite/Sun+Convergence+Administrative+Tasks#SunConvergenceAdministrativeTasks-Howtosetupadomainbasedconfigurationforaddressbook%3F
  Note: I did hit yet-another problem when configuring the above:
  ADDRESS_BOOK: ERROR from com.sun.comms.client.ab.wabp.WABPEngine  Thread
  httpSSLWorkerThread-80-0 at 2009-04-03 04:36:34,55
  1 - WABPEngine.process: exception in search_entry.wabp  Too many opened paged searches :
  psearchBook: too many psearch: 0I was able to resolve this error by setting:
  ./iwcadmin -w password -o ab.{another.domain.com}.maxpagedsearch -v 10Regards,
  Shane.

• Corporate Directory mail group members

  Our installation of Messaging Server (Sun Java(tm) System Messaging Server 7u3-15.01) has a domain in which we have dozens of mail groups (i.e. mailing lists) that are used by many members of the domain. These show up as entries in the Corporate Directory in Convergence webmail. Different people determine the membership of different lists, and in the Delegated Administrator, I have set ownership of these lists accordingly. However, it appears that the only way that anyone other than me can change the group memberships is to make them an Organization Administrator, which gives them far more access that I'd like in Delegated Administrator.
  The question is this: is there a way to edit list memberships whereby the group owner(s) have access to their own groups and nothing else?
  The optimal solution would be to do this via Convergence webmail since our users are familiar with it, but if there's a way to do this in Delegated Administrator, that would be OK, too.
  BTW, this is using Sun Directory Server.
  Thanks,
  Bill

  I take it that i'm doing the entire process incorrectly.
  Thanks for everyone whom viewed this post. I have worked on this solidly for over 2 weeks now. The only solution I can come up with is doing sort of the same thing but with .NET. The .NET solution is seamless, not that I want to use it. But maybe its a limitation of the java packages.
  Thanks again.

• Convergence 2 - How to hide Corporate Directory Groups?

  first post!
  Convergence 2 shows Groups under Corporate Directory in the Address Book interface as well as the Compose autocomplete.
  We don't use CAB groups, so how do I go about disabling Groups from showing up in the interface?

  As always, you are such a reliable source of help! :-)
  That robots.txt you mentioned...do what with that?  I mean, how does that tell it "dont index the images"? For that matter, there are tons of pages on the server I don't want being indexed yet either because they are half baked for later development.
  Thanks!
  Create the file, and upload it to the root directory.  It's as simple as that.  But you'll have to read the details on the google hits to see the exact syntax of the exclusions.
  Now - here's why this is happening....
  Somewhere, google has found a link to this URL -
  http://bluehippotravel.com/photos/destinations/TH/
  The bluehippotravel host has NOT disabled directory browsing.  When you browse to that URL, instead of getting a FORBIDDEN message like you should, you get a page listing the contents of that directory.  Google is indexing that page.  Ask your host to turn off directory browsing for that folder.

• Convergence corporate directory display details

  Hi Shane,
  For address book corporate directory,
  beside showing beside information :
  Email Addresses
  Work:
  Addresses
  Phone Numbers
  Instant Messaging
  Other Information
  Can i customize the display info from ldap attribute ?
  Cheer
  Sam

  Hi Sun,
  Currently i only able to display
  Email Addresses
  Instant Messaging
  Which attribute i need to edit in order for me to display my address,
  or can certain attribute can be enable to display in convergence
  Cheer
  Sam

• Convergence 2 Corporate Directory - Removing "Groups" Dialog

  Under the Address Book, under Corporate Directory, there is a dialog for "Groups".
  There are certain internal LDAP groups that are in there that we don't want our users having access to. How do I keep these from displaying? Is it possible to disable the entire Groups dialog?

  Under the Address Book, under Corporate Directory, there is a dialog for "Groups".
  There are certain internal LDAP groups that are in there that we don't want our users having access to. How do I keep these from displaying? Is it possible to disable the entire Groups dialog?

• Need to add mobile (cell) phone in corporate directory via LDAP

  Hello All
  Can I just start by saying that I am not a developer so expect some dumb questions to follow.
  We have cucm 6.1 and am using ldap sync to AD. The problem is that we would like to query the mobile phone field within AD and present it on the phone when the directory button is pressed.
  Is this possible ?
  From what I have read in the forums I have to create another directory ???
  I have downloaded the sdk 4.1 and tried to copy the asp files from the following directory C:\CiscoIPServices\ASP\ldap
  I have replaced the variables
  var s = new ActiveXObject("LDAPSEARCH.LDAPSearchList");
  s.server = "ldap.cisco.com";
  s.searchbase = "ou=people,o=cisco.com";
  with
  var s = new ActiveXObject("LDAPSEARCH.LDAPSearchList");
  s.server = "demounity.demo.voyager.net.uk";
  s.searchbase = "ou=users,ou=demo,dc=demo,dc=voyager,dc=net,dc=uk";
  s.SetOutputTitle("ActiveX Directory Search", 45);
  s.SetOutputPrompt("Records %s to %e of total %c", 45);
  s.AddReturnAttr("givenName,sn","Name","%1,%2", 20);
  s.AddreturnAttr("telephonenumber","Telephone","%1", 20);
  s.AddreturnAttr("mobile","Mobile","%1", 20);
  s.Addreturnattr("mail","Email","%1", 20);
  s.AddSortingAttr("telephonenumber", 1);
  s.SearchByEmail(email);
  I made these changes to all the asp files and referenced them all in a file called test_main.asp. Which is similar to the ASP_main.asp.
  I have run the regsvr32 LDAPSearch.dll and have added the following url to the phones directory url field ttp://192.168.9.101/CiscoIPServices/ldap/test_main.asp. Where 192.168.9.101 is my AD and IIS server (demounity.demo).
  The phone only display the Missed, received and places calls when I press the directory button. The corporate directory is missing.
  Are there any steps that I am missing or am I barking up the wrong tree all together
  to achieve what I need to ?
  I have also configured the CiscoUrlproxy for what reason I don't really understand.
  Thanks
  Feisal

  Since the CCM is a black box now, unless you pull out a HD and mount it on another Linux box where you have full access, or booting from a Linux boot CD there's no way to access the file system.
  However, you posted an ASP sample so I'm not sure if a jsp (java server page) would help you a lot - there's also no way of telling how much logic will be in the jsp page and how much logic will be behind in a compiled class - e.g. my own directories only have very basic logic (reading input, writing output, limit the number of results per page) and everything else is done in a bunch of jar files - so using them would only work if you can restrict yourself to doing exactly what my frontend page does.

• Custom Corporate Directory Query Based on Department

  I need to limit specific queries from Corporate Directory search based on Department. CCM 4.1(3)
  My Goal is to create separate directory options, each associated with a specific department (I've done this) and then limit the query to ONLY users in that department (I need help here. :-|
  The Flow as Joe sees it ~
  User selects directory button.
  (Based on info from xmldirectory.asp...)
  User is provided with the following menu:
  1. Missed Calls
  2. Placed Calls
  3. Received Calls
  4. Department A
  5. Department B
  6. Department C
  (I've got this far by adding new menu items to the xmldirectory.asp file, and then I tie those to separate xmldirectoryinput.asp files, which I plan to use to limit the query based on dept)
  <MenuItem>
  <Name><% = outputString( "Department A", "dictionary.lblCorporateDirectory" ) %></Name>
  <URL><% = getBaseURL() %>A_xmldirectoryinput.asp</URL>
  </MenuItem>
  <MenuItem>
  <Name><% = outputString( "Department B", "dictionary.lblCorporateDirectory" ) %></Name>
  <URL><% = getBaseURL() %>B_xmldirectoryinput.asp</URL>
  </MenuItem>
  <MenuItem>
  <Name><% = outputString( "Department C", "dictionary.lblCorporateDirectory" ) %></Name>
  <URL><% = getBaseURL() %>C_xmldirectoryinput.asp</URL>
  </MenuItem>
  Next when the user selects 4. Department A, they should receive the standard
  First Name:
  Last Name:
  Number:
  However, When the user selects "search", I ONLY want them to see directory entries in Department A, and not the entire Corporate Directory. So I need A_xmldirectoryinput.asp to limit the query to Department A. Actually ~ I've just added the Department menu item via the xmpldirectoryinput.asp file, and prepopulated it with the Deparment of my choice, though now, I'm stuck on the xmldirectorylist.asp, and how to Query for the DepartmentNumber ... Help please??? :)
  If they select Department B, ONLY Department B, etc.
  What do I need to add to, or reference in the xmldirectoryinput.asp to restrict the search to a specific department?
  Also - Would any changes, additions, etc. be required in the xmldirectorylist.asp file?
  THANKS IN ADVANCE!!!!! :)
  Joe

  Please use IDM forum for IDM related questions. This is proxy forum.

• CallManager 5.1(3) corporate directory name change

  I'm trying to change the text on the phone for "Corporate Directory" to another name. I've been told to set up a external "LDAP Server" (using Active Directory (Win2003 Server). I've gotten to the point where I have "IP Blue" talking to my new AD but I cannot get the phones (7970's) to work. Note this is in a lab getting ready to deploy

  Hi
  Frankly speaking, I did not understand you question properly. But for now, as recomended, please change all the hostnames to IP Address under the enterprise parameters.
  It would be better if you explain the issue a little more in detail - if in case the above does not fix it.
  Cheers!!
  -Rahil

• Access to Corporate directory doesn´t work in cucm 9.1

  Hello,
  we are trying to access Corporate directory from ip phones without LDAP integration. The IP Phone gives me that answer when I press directory button.
  Error XML[4]: error analisis
  My question is if LDAP integration is neccesary to access Corporate directory.
  Thanks in advance

  Are you using a locale different from the default (En-US)? Can you check if the phone locale that was installed on the CUCM is compatible with the phone firmware? Can you try a higher phone firmware and higher locale which is compatible with that phone firmware?

• Jabber IM for iPhone and corporate directory search

  Hello!
  In the Administrator's Guide (http://www.cisco.com/en/US/docs/voice_ip_comm/jabber/iPhone/8.6/Cisco_Jabber_IM_for_iPhone_Admin.pdf)
  I cannot  find an example of how configuring the client to search in the corporate  directory, or the
  requirements to do this. I don't understand how it  works, in Cisco Jabber for Windows we configured UDS to search into CUCM  directory, but it was also possible to use a external LDAP.
  I tried also to configure a LDAP Profile in CUPS, and to associate the user to this profile but Jabber IM cannot find any contacts.
  CUPS 8.6(3), Cisco Jabber IM 1.0.0
  Regards,
  Mirko

  Jabber IM for iPhone use the LDAP profile configurable on the CUPS Admin page,  Application->Cisco Jabber->LDAP Profile.
  At first you have to configure your LDAP Server (Application->Cisco Jabber->LDAP Server): add here the  IP Address of the LDAP  Server with port 3268 and protocol type TCP, when you don't need to use  LDAPS.
  After that configure the LDAP profile and associate the user to this profile: you can  do this either in the user setting page (Application->Cisco Jabber->User  Setting) or directly on the LDAP Profile page.

• Corporate Directory - host not found intermitently

  We have a new installation of a CUCM cluster (10.5.2.10000-5).
  The phones are a 7821 and 8851.
  Corporate directory was working fine but all of a sudden it just says Requesting... and then it says Host Not Found.
  Then all of a sudden it will start working on some phones but on others it will still not work.
  If we restart a phone on which it is working at the moment after reboot it doesn't work.
  Does anyone have an idea how to fix this?
  Regards.

  Directories or corporate directories?
  As for the status messages, you can find them from:
  Settings > Status > Status Messages
  I'm suspecting that the issue is with the Trust list:
  Try deleting the Trust list from the IP-Phone by going to:
  Settings (you will see a lock that is locked), unlock it by pressing **#
  Once its unlocked proceed:
  Security Connfiguration  > Trust List > ITL File 
  Once reach this section you will see the ITL File(ITL File, CAPF Server,TVS, TFTP Server)
  to verify if its the same files from you tftp servers(login to cucm) and issue the below command
  show itl
  admin:show itl
  Length of ITL file: 5438
  The ITL File was last modified on Wed Jul 27 10:16:24 EDT 2011
          Parse ITL File
  Version:        1.2
  HeaderLength:   296 (BYTES)
  BYTEPOS TAG             LENGTH  VALUE
  3       SIGNERID        2       110
  4       SIGNERNAME      76      CN=CUCM8-Publisher.bbbburns.lab;
                                  OU=TAC;O=Cisco;L=RTP;ST=North Carolina;C=US
  5       SERIALNUMBER    10      21:00:2D:17:00:00:00:00:00:05
  6       CANAME          15      CN=JASBURNS-AD
  *Signature omitted for brevity*
  The next sections each contain their purpose inside of a special Function parameter. The first function is the System Administrator Security Token. This is the signature of the TFTP public key.
          ITL Record #:1
  BYTEPOS TAG             LENGTH  VALUE
  1       RECORDLENGTH    2       1972
  2       DNSNAME         2
  3       SUBJECTNAME     76      CN=CUCM8-Publisher.bbbburns.lab;
                                  OU=TAC;O=Cisco;L=RTP;ST=North Carolina;C=US
  4       FUNCTION        2       System Administrator Security Token
  5       ISSUERNAME      15      CN=JASBURNS-AD
  6       SERIALNUMBER    10      21:00:2D:17:00:00:00:00:00:05
  7       PUBLICKEY       140
  8       SIGNATURE       256
  9       CERTIFICATE     1442    0E 1E 28 0E 5B 5D CC 7A 20 29 61 F5
                                  8A DE 30 40 51 5B C4 89 (SHA1 Hash HEX)
  This etoken was used to sign the ITL file.
  The next function is CCM+TFTP. This is again the TFTP public key that serves to authenticate and decrypt downloaded TFTP configuration files.
          ITL Record #:2
  BYTEPOS TAG             LENGTH  VALUE
  1       RECORDLENGTH    2       1972
  2       DNSNAME         2
  3       SUBJECTNAME     76      CN=CUCM8-Publisher.bbbburns.lab;
                                  OU=TAC;O=Cisco;L=RTP;ST=North Carolina;C=US
  4       FUNCTION        2       CCM+TFTP
  5       ISSUERNAME      15      CN=JASBURNS-AD
  6       SERIALNUMBER    10      21:00:2D:17:00:00:00:00:00:05
  7       PUBLICKEY       140
  8       SIGNATURE       256
  9       CERTIFICATE     1442    0E 1E 28 0E 5B 5D CC 7A 20 29 61 F5
                                  8A DE 30 40 51 5B C4 89 (SHA1 Hash HEX)
  The next function is TVS. There is an entry for the public key of each TVS server to which the phone connects. This allows the phone to establish a Secure Sockets Layer (SSL) session to the TVS server.
          ITL Record #:3
  BYTEPOS TAG             LENGTH  VALUE
  1       RECORDLENGTH    2       743
  2       DNSNAME         2
  3       SUBJECTNAME     76      CN=CUCM8-Publisher.bbbburns.lab;
                                  OU=TAC;O=Cisco;L=RTP;ST=North Carolina;C=US
  4       FUNCTION        2       TVS
  5       ISSUERNAME      76      CN=CUCM8-Publisher.bbbburns.lab;
                                  OU=TAC;O=Cisco;L=RTP;ST=North Carolina;C=US
  6       SERIALNUMBER    8       2E:3E:1A:7B:DA:A6:4D:84
  7       PUBLICKEY       270
  8       SIGNATURE       256
  11      CERTHASH        20      C7 E1 D9 7A CC B0 2B C2 A8 B2 90 FB
                                  AA FE 66 5B EC 41 42 5D
  12      HASH ALGORITHM  1       SHA-1
          ITL Record #:4
  BYTEPOS TAG             LENGTH  VALUE
  1       RECORDLENGTH    2       455
  2       DNSNAME         2
  3       SUBJECTNAME     61      CN=CAPF-9c4cba7d;
                                  OU=TAC;O=Cisco;L=RTP;ST=North Carolina;C=US
  4       FUNCTION        2       CAPF
  5       ISSUERNAME      61      CN=CAPF-9c4cba7d;
                                  OU=TAC;O=Cisco;L=RTP;ST=North Carolina;C=US
  6       SERIALNUMBER    8       0A:DC:6E:77:42:91:4A:53
  7       PUBLICKEY       140
  8       SIGNATURE       128
  11      CERTHASH        20      C7 3D EA 77 94 5E 06 14 D2 90 B1
                                  A1 43 7B 69 84 1D 2D 85 2E
  12      HASH ALGORITHM  1       SHA-1
  If they dont match, go back to the below steps and erase the ITL File
  Security Configuration  > Trust List > ITL File 
  At this point you will see ITL File, there will be a more button.
  press more and click on erase it will says "earsing CTL and ITL Files" and reboot

• Hiding users in Corporate Directory

  I am trying to remember how to hide users in CD in CM. Referring to this tech note, hiding users is not that of a big deal, but this user gets removed from CD in Callmanager and hence the user doesnt show up in the phone. The disadvantage of this method is that you can modify any user related parameter from the web interface. How can we work around this ? Is there another alternative method ?
  http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_tech_note09186a00804d2087.shtml

  Sankar you might want to try the following:
  HIDE USERS
  DC DIRECTORY
  You can hide users from beeing visible in the Corporate Directory.
  For doing this, you have 2 options:
  1) Set the first name to blank and put the whole name in the last name
  field. Full Administrator users will not appear in the corporate
  directory.
  2) To hide a user in DC Directory:
  First, cut and paste the following 4 lines into a file called "hideuser.ldif"
  text file, and save it in the C: drive of the publisher callmanager server.
  dn: cn=[userid],ou=users,o=cisco.com
  changeType: modify
  replace: Description
  Description: CiscoPrivateUser
  Set the [userid] to be the user you would like to hide. Example for the
  UserID "ctifw":
  dn: cn=ctifw,ou=users,o=cisco.com
  changeType: modify
  replace: Description
  Description: CiscoPrivateUser
  Next run the following command from a cmd prompt on the publisher callmanager
  server in order to set the description field in DC Directory.
  ldapmodify -h -p 8404 -D "cn=Directory
  Manager,o=cisco.com"
  -w -c -f hideuser.ldif
  From 3.3 onwards, system users (or special users) are filtered out from the
  search results. The users are filtered based on the attribute "Description".
  If "Description" is CiscoPrivateUser, the user is not displayed in search
  results from Corporate Directory or Users->Global Directory.
  AD DIRECTORY
  To hide a user in AD do the following:
  * If integrated with AD 2000:
  dn: cn=[userid], CN=users, dc=[domain], dc=com
  changeType: modify
  replace: Description
  Description: CiscoPrivateUser
  Save this file on the AD server as "hideuser.ldif".
  Then execute on the AD server:
  ldifde -i -f hideuser.ldif
  * If integrated with AD 2003:
  Copy the following 5 lines (please note the '-' after the four lines. In
  AD2K3, this is required and has changed from AD2K) into a text file and
  replace the [userid] with the userid of the user that needs to be
  hidden. Replace the [domain] with your domain. Save this file on the AD
  server as "hideuser.ldif".
  dn: cn=[userid], CN=users, dc=[domain], dc=com
  changeType: modify
  replace: Description
  Description: CiscoPrivateUser
  Then execute on the AD server:
  ldifde -i -f hideuser.ldif

• How to use SPNegoLoginModule with a corporate directory

  Hi!
  I'm trying to use the kerberos login module for the integrated windows authentication. I found in help.sap.com how to set up the kerberos for an ADS data source. But this works only when using the ADS as unique data source with the windows account of the user as uniquename.
  Our portal currently uses the corporate directory (a ldap system) for authentication. The corporate directory is also defined as data source in the dataSouceConfiguration.xml file.
  And now we should implement the windows authentication via kerberos in additon to this. Kerberos uses a windows domain controler for authentication.
  My problem is that the kerberos principal name used for authentication (=the windows account) is not available in our corporate directory.
  However, there is a unique attribute available in both, in the domain controller and in the corporate directory which could be used for mapping. But I do not know how to do this.
  I thought that I have to set up the windows domain controler as a second data source in the dataSourceConfiguration.xml file. But I'm not sure about this.
  Have someone experience how to do this? Hints are very welcome!
  Thanks
  Christian

  I found a solution for this problem, I don't know it's best practice but here it is :
      public void validate(FacesContext context, UIComponent component, Object value) throws ValidatorException
          String errortext;
          Pattern pat=Pattern.compile(".+@.+\\.[a-z]+");
          Matcher m= pat.matcher(value.toString());
          if(!m.find())
              ResourceBundle bundle =
              ResourceBundle.getBundle("be.vdab.resources.ApplicationResources", context.getViewRoot().getLocale());
              errortext = bundle.getString("erroremail");
              FacesMessage message = new FacesMessage(errortext);
              throw new ValidatorException(message);
      }

• Using Microsoft Exchange to access Gmail (Google Apps for Business) contacts, what is the best way to sync the Corporate Directory?

  Using Microsoft Exchange to access Gmail (Google Apps for Business) contacts, what is the best way to sync the Corporate Directory? For instance, we have 40 staff members and wish to populate each phone with the Gmail profile. Right now we have a third party Android app that does this and copies my contacts to each phone. This is problematic. Any solutions to populate a phone with email and phone contacts? Even it it requires double entry for me...thats ok.

  Oh, I meant Leopard does do more than Tiger Server.
  I don't know enough about Server, even less abut Syncing.
  SL is to new, not enough time to iron out the kinks yet imho.
  One day SL will be better than Leo, but...
  I'd ask over in server...
  http://discussions.apple.com/category.jspa?categoryID=96
  Or perhaps Collaboration Services...
  http://discussions.apple.com/forum.jspa?forumID=1352
  They may even have a different opinion on SL.