Fallback to CUCM6.x directory from LDAP integration

Unanswered Question

Hi,


CUCM 6.1 was integrated with LDAP (AD); now the customer wants to fall back to the CUCM 6.1 local directory for authentication.


Is there any procedure we can follow to do that?



I tested: even after I deleted the LDAP directory, deleted LDAP authentication, disabled synchronizing from the LDAP server, and disabled the DirSync service, all the users imported from AD cannot log on to the ccmuser page. I think they are still trying to use LDAP authentication.


Unless I re-create a new user on the CCM webadmin page; then I can successfully log on to the user page.



gogasca Sat, 03/15/2008 - 22:09

What is the status for the users?

We don't import passwords.

Which password are they trying to use?

By default, the password is set to ciscocisco and the PIN is set to 12345.



The status of the users is active.

Even when I tried to reset the passwords and reboot the CallManager, the same problem existed.


From the Tomcat trace information, they are still trying to connect to the AD server for authentication.


Not sure if Cisco supports fallback to the local directory or not, or if there is any document we can follow for the procedure if Cisco supports it.


Thanks

Jaime Valencia Sun, 03/16/2008 - 13:54

Did you have the users in there before the LDAP integration with AD?


The only way to have users remain is to have them there before, with a matching attribute.


• An existing account in the Unified CM database before synchronization is maintained only if an account imported from the LDAP directory has a matching attribute. The attribute that is matched to the Unified CM UserID is determined by the synchronization agreement.


from

Best Practices for LDAP Synchronization

http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/srnd/6x/directry.html#wp1045284



HTH


javalenc


if this helps, please rate

Hi Javalenc,


I tested both cases: the same user ID existing before integration and not existing.


I tested the following scenarios in a lab environment:


(1) Before integrating, I created a CM user locally in CUCM, userID=vanuser1, Password=12345, PIN=12345, assigned it to the CCM end user group, and tested that the user can reach the ccmuser page.

(2) On AD, I created two accounts:

a. vanuser1, password=cisco;

b. haluser1, password=cisco;

(3) Then I integrated the CUCM with LDAP, with synchronization as well as authentication.

At this time, in the CUCM user directory, I can see the two accounts are active and can access the ccmuser page:

a. vanuser1 with password=cisco;

b. haluser1 with password=cisco;

(4) Then I deleted the LDAP directory on CUCM, disabled LDAP authentication, disabled the LDAP system configuration on CUCM, and restarted/rebooted the CUCM. I can see all the accounts are active, and I then tried to log on again with the two user IDs using different passwords; none of them works:

a1: vanuser1 with password=cisco

a2: vanuser1 with password=12345

a3: vanuser1 with password=ciscocisco

I tried to reset the password for vanuser1 to cisco from the CUCM webpage, and still cannot log on to the ccmuser page.


I also tested the following accounts; none works:

b1: haluser1 with password=cisco

b2: haluser1 with password=ciscocisco

b3: reset haluser1 password=cisco,

cannot log on to the haluser1 user page.


At this time, if I create a new userID=toruser1 with password=cisco on CUCM, I can successfully log on to the toruser1 ccmuser webpage.


Please let me know, based on my test above: is there something wrong, or can we not fall back to the local CUCM directory once LDAP has ever been integrated?


Thanks,

JJ

yosoypako Fri, 07/15/2011 - 01:21

Hello. Is it possible to fall back from an LDAP integration to the CCM local user database without losing user information and password/login, using CCM 7.1(5)?
