cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
7492
Views
25
Helpful
18
Replies

LDAP only import AD users whose IP Phone attribute is not empty

daniel-ma
Level 1
Level 1

In Cisco SRND, the only way to import users with Cisco phones is to putting them into different OUs. However, in our case, it is not possible, since we have multiple business units, and each business unit has its own USERS OU. Plus it is hard to maintain accurately who has Cisco phone who does not.

Is there a way to only sync import users whose IP Phone attribute in AD is not empty, or by Group Membership, or any other suggestions?

18 Replies 18

Justin Brenton
Level 4
Level 4

Hi Daniel-ma,

This doc should help in your design. Dependent on the number of affected users you may just want to import all users and just disable the unused/unassigned users.

Sometimes this is your only choice.

http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/srnd/4x/42drctry_ps556_TSD_Products_Implementation_Design_Guide_Chapter.html

HTH, plz rate

Regards,

Justin

How about ipPhone field is not populated?

elavoie
Level 1
Level 1

Hi Daniel, you must use a LDAP Filter to import only users that have someting in the ipPhone field. With the help of AXL Toolkit you will be able to modify the default filter with this :

If you need more help let me know...We use this on each of our customer.

Hi

I like to apply a filter like this. Can you please give me a hint how to do this?

Kind regards

Peter

You must install AXL SQL Toolkit on your PC. It's a plugin under Application/Plugins in CUCM Admin Page.

Then rename sample.xml file to sample.org copy the attached sample.xml file to axl directory.

Finally run this from your PC:

java -cp .\classes;.\lib\saaj-api.jar;.\lib\saaj-impl.jar;.\lib\mail.jar;.\lib\activation.jar;.\lib\jaxm-api.jar;.\lib\jaxm-runtime.jar;.\lib\xercesImpl.jar;.\lib\xml-apis.jar AxlSqlToolkit -username=ccmdministrator -password=123456 -host=x.x.x.x

You need to put your username, password and host according to your setup.

You can edit sample.xml to reflect the filter you want to use. In my example we grab all valid user with something in the ipPhone field from AD.

Before modifying filter you can view the current filter using this in your query

Hi

I downloaded the axlsqltoolkit.zip file, but I can't find a .exe file to install on my client.

Regards

Peter

Just extract in c:\axl

Just did it once again, downloaded the file, extracted it to local drive, but there is no .exe file to install. I'm running CUCM 7.1(2)

Cheers

Peter

Sorry, you don't need to install. just run :

java -cp .\classes;.\lib\saaj-api.jar;.\lib\saaj-impl.jar;.\lib\mail.jar;.\lib\activation.jar;.\lib\jaxm-api.jar;.\lib\jaxm-runtime.jar;.\lib\xercesImpl.jar;.\lib\xml-apis.jar AxlSqlToolkit -username=ccmdministrator -password=123456 -host=x.x.x.x

in DOS Prompt under c:\axl

Hi

okay, I understand so far. When I run the command under C:\axl I recieve this:

Exception in thread "main" java.lang.UnsupportedClassVersionError: Bad version number in .class file

at java.lang.ClassLoader.defineClass1(Native Method)

at java.lang.ClassLoader.defineClass(ClassLoader.java:620)

at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:124)

at java.net.URLClassLoader.defineClass(URLClassLoader.java:260)

at java.net.URLClassLoader.access$100(URLClassLoader.java:56)

at java.net.URLClassLoader$1.run(URLClassLoader.java:195)

at java.security.AccessController.doPrivileged(Native Method)

at java.net.URLClassLoader.findClass(URLClassLoader.java:188)

at java.lang.ClassLoader.loadClass(ClassLoader.java:306)

at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:268)

at java.lang.ClassLoader.loadClass(ClassLoader.java:251)

at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319)

C:\axl>

What I'm missing?

Regards

Peter

You probably have more than one java.exe in your PC. Search for java.exe and run the command in the java folder. Try different java.exe until it work.

Hi,

I have a proproject now whereby the Customer wants us to filter the LDAP synchronisation to only pull in users with the IpPhone Field set in their AD.

I have followed the procedures here from my PC and with a CUCM 6.1(2) on VMWare. Admittedly I have no AD but was just trying the process to see what happened.

Anyway, it appears to have worked - i.e. no error messages were given and obviously nothing has happened with CUCM.

So this leads to a question. Now I have confidence on how to run this process, how do I actually carry it out in a Live Network. What I will be deploying is:

1. CUCM 7.1(2)

2. Microsoft AD

3. LDAP Synchronisation probably using a Sync agreement that starts at the root of the customers AD (they aren't a large customer)

So the question is, when and how do I apply the filter ? There is no setting in CUCM Admin to reference a filter so is it a case of doing a full synchronisation then running the filter script from an Admin PC to actually strip out any users without an IP Phone field entry ?

If this filter has to be applied after synchronisation then does it have to be run every day if LDAP synchronisation is configured to run every night ?

Many thanks,

Matt

You apply the filter just once. Further sync will be filtered.

You must use AxlToolkit to push the filter into CUCM.

http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Unified%20Communications%20and%20Video&topic=General&topicID=.ee6c82b&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40^1%40%40.2cd31e25/4#selected_message

OK Thanks Eric.

I'm still a little confused though as earlier in the thread you mentioned the following:

"you must use a LDAP Filter to import only users that have someting in the ipPhone field. With the help of AXL Toolkit you will be able to modify the default filter with this :

So how is this pushed to CUCM and what does this do that is different from:-

java -cp .\classes;.\lib\saaj-api.jar;.\lib\saaj-impl.jar;.\lib\mail.jar;.\lib\activation.jar;.\lib\jaxm-api.jar;.\lib\jaxm-runtime.jar;.\lib\xercesImpl.jar;.\lib\xml-apis.jar AxlSqlToolkit -username=ccmdministrator -password=123456 -host=x.x.x.x

in DOS Prompt under c:\axl

This appears to be two separate scripts so I am wondering what the order of work is once I have configured the LDAP Synchronisation in CUCM Admin ?

Many thanks,

Matt

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: