One Presence Server, Multiple Active Directories

Unanswered Question
Apr 14th, 2009

Has anyone tried (and more to the point, succeeded) in integrating two or more Active Directories, each with Exchange, into a single Unified Presence Server on a single CUCM cluster?

It appears that I can create multiple Presence Gateways, one for each Exchange Server, but what about LDAP integration? Any idea what kind of headaches I'm in store for going into this?

We have it running on our network, but I need to enable it for at least one (and possibly more) organization with their own AD.

Tommer Catlin Tue, 04/14/2009 - 13:11

You can create multiple LDAP profiles, but the problem you will run into is the CUCM/LDAP sync. CUCM will only sync with one forest, one domain. Even in a trusted domain-to-domain environment, I don't think it's well tested for authentication to work across a trusted domain very well.

I'd set up a lab environment with the following to see if it does work:

AD Domain A

AD Domain B

Domain A and B have a two way trust between them.

CUCM syncs between Domain A and Domain B. (up to 5 or 5 profiles for Directory I believe)

CUCM then uses Domain A for authentication. In theory if one CUCM is asking for authentication for a user in Domain B, it should poll between the two way trust.

If that is the case, then Presence should act the same way. CUPC user login should use the same authentication process.

Now, theories are all great, but it needs to be tested. I thought another engineer tried to do this with a one-way trust and authentication would not work (or something like that).

For a common LDAP for CUPS to use, try to create one using a third-party tool just for LDAP lookups. This is all CUPS is using it for: directory lookup and searches. If you have a common LDAP directory for all domains, the LDAP lookup may be simple then. I can't recall the name, but enterprise customers will use a third-party tool that basically syncs all LDAPs into one common directory based upon a set of rules, etc.

CHRIS CHARLEBOIS Fri, 04/17/2009 - 12:00

So the Presence Server only allows one gateway for each type (Outlook and SIP)? What are our options? Do we need another Presence Server? Is there some way to pass the presence data through one Exchange server if we have trusts in place, or some solution that will combine the presence information in one place so that CUPS can connect to it (although I was thinking that was the purpose of CUPS in the first place)?

htluo Fri, 04/17/2009 - 14:18

Though it might be a good idea, it's very difficult to deploy multiple Exchange GWs with one CUPS server. The reason is:

When the CUPS server receives a presence subscription from a client (CUPC), it doesn't know which Exchange GW to talk to.

If you want it, you need to submit a feature request to your Cisco account manager.

Thanks!

Michael
