cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
576
Views
0
Helpful
8
Replies

Migrating from Unity 4.0 to Unity Connections 7.0 (with LDAP)

lfulgenzi
Level 7
Level 7

I'd like to be able to migrate our Unity 4.0 deployment of about 7000 users (so scalability, automation is a must) to Unity Connection 7.0, however, I'd like to make sure that the migration moves the users into the LDAP sync'ed user.

Is this possible? I know there are migration tools out there, i.e. COBRAS, but when I went through the tool's video training file, I really didn't see anything that talked about this.

I tried creating a local userID, then enabling LDAP, but the userID did not become LDAP sync'ed.

Are there other tools that will help?

8 Replies 8

lindborg
Cisco Employee
Cisco Employee

COBRAS (or any other migraiton tool such as the old CSV import and such) have no relationship with the LDAP synch - there's nothing special you need to do when creating (or importing) users that will make them "LDAP-able" later. I believe this is always a two step process regardless of if you're importing them or creating them from scratch. You have to use BAT the run through and match the user's up with the LDAP records if memory serves - I think the LDAP TOI material for the Connection 7.0 release covers some of this:

http://www.ciscounitytools.com/TOI_CUC701.htm

Either way - what you have to do for manual create/sync is the same thing you'll have to do for COBRAS imports or CSV imports or whatever - there's no way to do it in one step because of the way Call Manager's LDAP sync libraries come into play (their DB is not open to external access).

I've read through the LDAP training, but can't recall anything about converting local accounts to LDAP enabled accounts. I'll have to review it again.

I did take another look at the BAT CSV file required/optional field definitions and I'm wondering if what I should do is:

1) restore from COBRA

2) update with a CSV file that has two fields in it: alias and DirectoryID

DirectoryID is defined from the local online help pages as:

The unique identifier for the user in the corporate or organization directory (for example, in Active Directory, if Active Directory is used).

I created a local account, then tried to update it using the above method, and it didn't work. It still says it's a local account, not LDAP synchronized. :(

i know this can be done - I don't have a 7.0 system handy to play with but there have been plenty of sites that did just this type of thing.

I know you need to fire up DirSync, configure LDAP, perform a full sync and then using BAT "LDAP enable" the users in that order for this to work (i.e. making a manually created or imported user LDAP synced).

The fact that you say it can be done is helpful. I'll trust you on that. ;)

Would you be able to send off some pointers when you get your hands on a system or should I open a TAC case?

So the tech folks sent me some instructions for how folks upgrading from 2.1 are getting the LDAP synch working - hopefully this may be helpful to you:

============

1) Upgrade to 7.0

2) Configure LDAP sync and authentication as described in the docs. No data is being transferred yet.

3) Perform a full LDAP sync. This LDAP sync is just bringing data from the LDAP directory into a CallManager database on the Connection server. (There is a CallManager database on every Connection server, not just a co-res server.)

4) From BAT, export "Users from LDAP directory." This export is exporting LDAP user data from the CallManager database on the Connection server and setting an LDAP flag in the CSV file to "yes."

5) Edit the csv file to remove any users that dont need to be migrated to LDAP sync/authentication. If you want every user in the LDAP directory to be a Connection user, you skip this step.

6) Run BAT in "Update" mode and feed in the CSV file. The import associates Connection users with LDAP users and sets the LDAP flag in the Connection database to "yes." In effect, you're just using this import to update the LDAP flag.

Sweet! We are going from Unity 4.0 to new 7.0 hardware, but the process looks simple enough.

I will try this out tomorrow if I can with a local account and with COBRA data and see what I come up with. I'll respond here, but might end up opening a TAC case to offload the responsibility.

Thanks again.

I was able to try this on a local account (not a COBRA restored account, but I think it will be the same thing) and it worked.

It looks like the field that makes this work is "LdapCcmUserId".

A few comments:

1) This field is not included in the local online help files nor on CCO.

2) What other hidden fields are there?

I ask #2 simply because I am trying to update system contacts with the "Transfer Enabled" option enabled, the correct "partition" and "Transfer Extension" but these fields are not available as far as the CSV file help files are concerned.

I opened a TAC case and they have said it's a bug and will be fixed in the next version of the BAT tool, (which should be available soon from what I understand) but I'm wondering if it's a matter of using the right fields.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: