Limit LDAP searches with CUCM 6.1?

Unanswered Question
Apr 18th, 2008

When we do an LDAP integration in CUCM 6.x, it grabs everyone, which is fine. I could do separate OUs and just grab those OUs. But is there a way to exclude LDAP entries from the directory sync, or is it basically sync all? (System accounts, or people we do not want listed in the corp directory)

I don't think there is a way. We may have to use a third party or develop our own XML directory.

cheers

Michael Owuor Fri, 04/18/2008 - 14:24

You are right. There's currently no support for filtering out some users in the chosen search base. As you stated, you would have to control this by restricting access of the LDAP Manager Distinguished Name account to just certain OUs.

Regards,

Michael.

Tommer Catlin Thu, 05/29/2008 - 08:27

The first thing to check is that your AD users are showing up in CUCM. If they are, LDAP syncing is working with the account you are using.

To log in to the CCMUSER page, the user must have certain permissions *within* CUCM applied to them before they can log in. I had this problem once and it drove me crazy. Verify the user you are trying to log in with has the correct permissions on their account in CUCM.

Also, if the password or user name they are using has odd characters or something not standard, this may throw off authentication.

I can get the users synced fine.

I added the users to the "Standard CCM End User" user group, which I think is the only thing to do to get an End user to be able to log in to the CCMUSER page.

I think I have a ! in my password, let me reset to a simpler password and see if it would work.

Is there a list of characters not to use?

Thanks,

Joel

Tommer Catlin Thu, 05/29/2008 - 08:56

I can't recall which characters have troubles. I think it's a bug and it's in the bug list.

If you elevate the user to everything in CUCM, can they log in?

Tommer Catlin Thu, 05/29/2008 - 09:03

You will have to check the RTMT log and see what the issue with the login is with the users. I'm not sure why it's not allowing you in.

Unless it is something with the LDAP and how it's binding. Double check your LDAP configuration and make sure everything is correct in CUCM. I believe there is a check box for authentication also.

I got it fixed.

The LDAP User search base under - LDAP Authentication must be greater than the User search base under - LDAP Directories.

I had this under LDAP Authentication

CN=users,DC=mickey,DC=org

This under LDAP directories

ou=Network Services, ou=Users, ou=Info Tech, ou=Jacksonville, dc=mickey, dc=org

Since my directories were not under CN=USERS, I had to change my user search base under LDAP Authentication to be

DC=mickey,DC=org

hope this helps others who are as stupid as me...lol

joel
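The containment rule from the post above can be checked before the search bases are changed in CUCM. This is an added example, not part of the original thread and not Cisco code; `split_dn` and `base_covers` are hypothetical helper names, and the parser is simplified (it handles backslash-escaped commas only, not quoted values or multi-valued RDNs).

```python
# Added example: check that the LDAP Authentication search base is equal to,
# or an ancestor of, the LDAP Directory (sync) search base.

def split_dn(dn):
    """Split a DN into normalized (attr, value) RDNs, honouring escaped commas."""
    rdns, current, escaped = [], [], False
    for ch in dn:
        if escaped:                # character after a backslash is literal
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == ",":            # unescaped comma separates RDNs
            rdns.append("".join(current))
            current = []
        else:
            current.append(ch)
    rdns.append("".join(current))
    normalized = []
    for rdn in rdns:
        attr, _, value = rdn.partition("=")
        # Attribute types and directory strings compare case-insensitively.
        normalized.append((attr.strip().lower(), value.strip().lower()))
    return normalized


def base_covers(auth_base, sync_base):
    """True when sync_base is the same as, or located beneath, auth_base."""
    auth, sync = split_dn(auth_base), split_dn(sync_base)
    # A DN lists the leaf first, so an ancestor is a suffix of its descendants.
    return len(auth) <= len(sync) and sync[len(sync) - len(auth):] == auth


# Search bases quoted in the thread.
SYNC_BASE = ("ou=Network Services, ou=Users, ou=Info Tech, "
             "ou=Jacksonville, dc=mickey, dc=org")
OLD_AUTH_BASE = "CN=users,DC=mickey,DC=org"   # synced users could not log in
NEW_AUTH_BASE = "DC=mickey,DC=org"            # the working setting

if __name__ == "__main__":
    for base in (OLD_AUTH_BASE, NEW_AUTH_BASE):
        print(base, "covers sync base:", base_covers(base, SYNC_BASE))
```

Setting the authentication base to the sync base itself also passes this check and keeps the authentication search scope as narrow as the set of synced users.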

maharris Thu, 05/29/2008 - 12:18

Thanks for posting this, you know you will not be the only one running into this, and you will save the next person a lot of grief!

Mary Beth
