cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
797
Views
0
Helpful
9
Replies

LDAP integration - CUCM 6.13

FureyaAtaker
Level 1
Level 1

We are in process of deciding whether or not to integrate our new CUCM 6.13 cluster with AD via LDAP.

What are some of the pros and cons? Mostly cons!!

9 Replies 9

Jaime Valencia
Cisco Employee
Cisco Employee

the only cons i could think of would be the need to manage users from AD (many consider it a pro, depends where you stand), that you can't reverse to internal directory, users are not deleted immediately but only after garbage process takes place.

PROS, you do not have to recreate every single user in CUCM, if you use things like presence deployment is way easier with an AD, you can use same for CUCMBE CUC or for your VM

HTH

java

if this helps, please rate

HTH

java

if this helps, please rate

What did you mean with "you can't reverse to internal directory"?

nesharm2
Level 1
Level 1

I would say it depends upon how many users u are dealing with and what is the frequency of MAC(Moves ADDS and Changes)

Once you integrate you would be able to change some the fields on the phone page.

You would have to have create a dummy account for adding a phone which is not there in AD

In short a little control is lost by CCM Administrator

What do you mean by

"In short a little control is lost by CCM Administrator"

can you be more specific?

I was told that we have too many OUs that cannot be re-organized at this time to deliver what we want. Also the required filtering will not be available via AD. This was our AD group's answer….

Hi FureyaAtaker,

This is correct as there are import limiations with LDAP.

Regards,

Justin

Hi Justin,

What are these limitations? After integrating my CMBE version 7 with AD - it only imported half of the users I needed. I added numerous ways of setting up the search base but to no avail. If it's a hit and miss on the import - is this an AD issue on how the accounts were created. I had to break integration to add the missing accounts 'manually' -- no fun at all.

Regards,

Eddie

James Hawkins
Level 8
Level 8

The best advice I can give is to read the LDAP Directory Integration section of the CUCM SRND.

http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/srnd/7x/directry.html

There is a limitation of five synchronisation agreements (i.e. search bases within AD) which can be a restriction for larger AD environments.

Major benefit for most users is that user authentication for accessing CCMUser, CTI apps etc. is synced with AD - no need for separate user names/passwords.

Please rate if helpful.

The workaround for five synchronizaton agreements limitation is creating a user with Read access only to the OU's or containers you want to synchronize.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: