Limit LDAP searches with CUCM 6.1?

Apr 18th, 2008

When we do an LDAP integration in CUCM 6.x, it grabs everyone, which is fine. I could do separate OUs and just grab those OUs. But is there a way to exclude LDAP entries from the directory sync, or is it basically sync all? (System accounts, or people we do not want listed in the corp directory)


I don't think there is a way. We may have to use a third party or develop our own XML directory.

cheers

Michael Owuor Fri, 04/18/2008 - 14:24
User Badges:
  • Cisco Employee

You are right. There's currently no support for filtering out some users in the chosen search base. As you stated, you would have to control this by restricting access of the LDAP Manager Distinguished Name account to just certain OUs.


Regards,

Michael.

Tommer Catlin Thu, 05/29/2008 - 08:27

The first thing to check is that your AD users are showing up in CUCM. If they are, LDAP syncing is working with the account you are using.


To log in to the CCMUSER page, the user must have certain permissions *within* CUCM applied to them before they can log in. I had this problem once and it drove me crazy. Verify the user you are trying to log in with has the correct permissions on their account in CUCM.


Also, if the password or user name they are using has odd characters or something not standard, this may throw off authentication.

I can get the users synced fine.


I added the users to the "Standard CCM End User" user group, which I think is the only thing to do to get an End user to be able to log in to the CCMUSER page.


I think I have a ! in my password, let me reset to a simpler password and see if it would work.


Is there a list of characters not to use?


Thanks,

Joel

Tommer Catlin Thu, 05/29/2008 - 08:56

I can't recall which characters have troubles. I think it's a bug and it's in the bug list.


If you elevate the user to everything in CUCM, can they log in?

Tommer Catlin Thu, 05/29/2008 - 09:03

You will have to check the RTMT log and see what the issue with the login is with the users. I'm not sure why it's not allowing you in.


Unless it is something with the LDAP and how it's binding. Double check your LDAP configuration and make sure everything is correct in CUCM. I believe there is a check box for authentication also.

I got it fixed.


The LDAP User search base under - LDAP Authentication must be greater than the User search base under - LDAP Directories.


I had this under LDAP Authentication

CN=users,DC=mickey,DC=org


This under LDAP directories

ou=Network Services, ou=Users, ou=Info Tech, ou=Jacksonville, dc=mickey, dc=org


Since my directories were not under CN=USERS, I had to change my user search base under LDAP Authentication to be

DC=mickey,DC=org


hope this helps others who are as stupid as me...lol


joel
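
The search-base relationship described in the post above, as an added example that is not part of the original thread: a Python check that one LDAP search base equals or is an ancestor of another, run against the DNs quoted in the thread. The function names are hypothetical, and multi-valued RDNs (joined with `+`) are not handled.

```python
def split_rdns(dn):
    """Split a DN on unescaped commas (a backslash escapes the next character)."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    return parts


def parse_dn(dn):
    """Return normalized (attribute, value) pairs, leftmost RDN first."""
    rdns = []
    for part in split_rdns(dn):
        attr, sep, value = part.strip().partition("=")
        if not sep or not attr.strip():
            raise ValueError(f"malformed RDN: {part!r}")
        # Attribute names and these naming values compare case-insensitively.
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns


def base_covers(auth_base, sync_base):
    """True if auth_base equals sync_base or is an ancestor of it."""
    auth, sync = parse_dn(auth_base), parse_dn(sync_base)
    return len(auth) <= len(sync) and sync[len(sync) - len(auth):] == auth


# Search bases quoted in the thread.
SYNC_BASE = "ou=Network Services, ou=Users, ou=Info Tech, ou=Jacksonville, dc=mickey, dc=org"
OLD_AUTH_BASE = "CN=users,DC=mickey,DC=org"
NEW_AUTH_BASE = "DC=mickey,DC=org"

if __name__ == "__main__":
    for auth in (OLD_AUTH_BASE, NEW_AUTH_BASE):
        verdict = "covers" if base_covers(auth, SYNC_BASE) else "does NOT cover"
        print(f"{auth!r} {verdict} the sync base")
```

The comparison is done per RDN rather than by substring, so `ou=Users` inside the sync base is not mistaken for the `CN=users` container.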

maharris Thu, 05/29/2008 - 12:18

Thanks for posting this, you know you will not be the only one running into this, and you will save the next person a lot of grief!


Mary Beth
