Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
623
Views
0
Helpful
7
Replies

UCM 6.x Integration with Multiple Active Directory

giftonabel
Level 1
Level 1

‎02-17-2009 12:02 PM - edited ‎03-15-2019 04:17 PM

Hello. I am hoping that someone can help me with a the below question:

Is it possible to add three different AD entries under the LDAP Authentication page, having different LDAP user search base or is it that i can have Authentication to only one LDAP server?

Thanks,

Labels:
0 Helpful
7 Replies 7

htluo
Level 9
Level 9

‎02-19-2009 01:28 PM

sure it is possible. that's call "fault tolerance" :)

Michael

http://htluo.blogspot.com/

0 Helpful

giftonabel
Level 1
Level 1
In response to htluo

‎02-24-2009 10:02 AM

One more thing to update, these 3 AD's are in three different Forests,

Is it still possible?

0 Helpful

Justin Brenton
Level 4
Level 4
In response to giftonabel

‎02-24-2009 03:42 PM

Hi giftonabel,

Here is the direct link that will help you out with the integration.

You may need to add 3 different ldap search bases in cucm depending on your AD domain root and forrest structure.

http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/srnd/6x/directry.html#wp1045302

HTH, Please rate

Regards,

Justin

0 Helpful

thisisshanky
Level 11
Level 11
In response to Justin Brenton

‎02-24-2009 04:05 PM

Also you can only add up to 5 profiles

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus
0 Helpful

giftonabel
Level 1
Level 1
In response to Justin Brenton

‎02-25-2009 03:03 AM

Hi Justin,

I have gone through this link earlier, it actually mentions about the scenario of Single AD Forest with Multiple Trees under it, in my scenario it is Multiple Forests and each forest has there own tree and i need to have the LDAP authentication with all three forests.

Regardsm

Gifton

0 Helpful

htluo
Level 9
Level 9
In response to giftonabel

‎02-25-2009 06:43 AM

For authentication, it is impossible to have multiple context.

Michael

http://htluo.blogspot.com/

0 Helpful

Yorick Petey
Level 4
Level 4
In response to htluo

‎02-26-2009 01:15 AM

Indeed, it's not possible to authenticate when you have multiple forests, but it is if you have a single forest with multiple trees.

You have to use userPrincipalName instead of sAMAccountName in LDAP System configuration for UserID.

http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/srnd/6x/directry.html#wp1045381

"As mentioned in the section on LDAP Synchronization, in order to support synchronization with an AD forest that has multiple trees, the UserPrincipalName (UPN) attribute must be used as the user ID within Unified CM. When the user ID is the UPN, the LDAP authentication configuration page within Unified CM Administration does not allow you to enter the LDAP Search Base field, but instead it displays the note, "LDAP user search base is formed using userid information." "

The only negative aspect is for Extension Mobility, UserID is more complicated to enter.

Yorick

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents