How to Ahutenticate CUCM 6.1 with 2 LDAP

Answered Question
Jan 16th, 2009
User Badges:

Hi: We have CUCM6.1 with LDAP Ahutentication and we are migrating ourdomain, and at present time have end users on both, does someone now how to make CUCM to chek both servers on diferent domains? I have revised several PDF but they say it have to be on a global domain is that the only solution?

Correct Answer by Jonathan Schulenberg about 8 years 3 months ago

Are the domains in the same forest?

Do the domains have the same DNS hierarchy (ie. a.domain.local and b.domain.local); or are they, non-contiguous (a.domain.local. and b.fubar.local)?


As long as they are in the same forest you can still authenticate against both domains.


If the DNS heirarchy is not consistent, you'll need to use userPrincipalName as the User ID attribute instead of sAMAccountName. This changes usernames from jdoe to [email protected]. Because the username will now be unique across the different domains, the global catalog servers will know which account UCM is asking to bind with.


This is discussed further in the UCM SRND: http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/srnd/7x/directry.html

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Jonathan Schulenberg Fri, 01/16/2009 - 08:10
User Badges:
  • Super Bronze, 10000 points or more
  • Cisco Designated VIP,

    2017 IP Telephony

Are the domains in the same forest?

Do the domains have the same DNS hierarchy (ie. a.domain.local and b.domain.local); or are they, non-contiguous (a.domain.local. and b.fubar.local)?


As long as they are in the same forest you can still authenticate against both domains.


If the DNS heirarchy is not consistent, you'll need to use userPrincipalName as the User ID attribute instead of sAMAccountName. This changes usernames from jdoe to [email protected]. Because the username will now be unique across the different domains, the global catalog servers will know which account UCM is asking to bind with.


This is discussed further in the UCM SRND: http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/srnd/7x/directry.html

cegonzalez Thu, 03/26/2009 - 12:44
User Badges:

Thanks for the answer, Yes they were, and we finally did it puting the ahutentication on a server of higer level who could see both domains

Tks.


Actions

This Discussion