UC7.12a LDAP sync networking

Jul 9th, 2009

We have 2 servers, both LDAP synced and authenticating against LDAP. Both servers can search for and find the same user from LDAP and we can create the same user on both servers. When we digitally network the servers, we still see the same 2 users in the search (created on each UC server) and we can still add a new user twice, one on each server. We can probably get around this by searching at different levels on AD or use filtering. Anyone had any similar issues...TIA, Jeff

htluo Thu, 07/09/2009 - 08:33

I'm sorry, but we need more information to answer the question.


1) "We have 2 servers"

What kind of server? Unity Connection? or Active Directory? What are their versions?


2) "both LDAP synced and authenticating against LDAP".

What's the relationship of the two servers? Are they totally independent of each other? Or are they publisher/subscriber in the same cluster?


3) What's the symptom of the problem?

i.e. What you expected and what's actually happening?


Thanks!

Michael


jeff.singh_2 Thu, 07/09/2009 - 12:10

Hi Michael,


Apologies for not making myself clear, and thanks for the response.

2 Unity Connection 7.12a servers; the servers are single servers that are networked together.

The issue is that we can search for the same user from each server and can make the same user a Connection user on each server, same name, alias, extension etc. Is that correct, or should the system not allow us to do that?


s.casper_2 Fri, 07/10/2009 - 02:51

Check out this snippet from:

http://www.cisco.com/en/US/docs/voice_ip_comm/connection/7x/design/guide/7xcucdg040.html


If you are using Digital Networking to network two or more Connection servers that are each integrated with an LDAP directory, do not specify a user search base on one Connection server that overlaps a user search base on another Connection server, or you will have user accounts and mailboxes for the same Connection user on more than one Connection server.






Note: You can eliminate the potential for duplicate users by creating an LDAP filter on one or more Connection servers. See the "Filtering LDAP Users" section in the "Integrating Cisco Unity Connection with an LDAP Directory" chapter of the System Administration Guide for Cisco Unity Connection Release 7.x.


I am looking to use LDAP sync and authentication with two Connection clusters and this looks like a real pain to me.


Steve



jeff.singh_2 Fri, 07/10/2009 - 03:22

Thanks for the reply Steve. I agree it is a pain, and agree the only way is to put in specific filters, which we have tested and which worked fine in the lab. Also, the non-overlapping searches will mean close work with the customer's AD guys. Cheers...Jeff

s.casper_2 Fri, 07/10/2009 - 08:59

No problem. I am confused as to how the filter works: does it allow or stop users from being imported? Here is the default filter from one of my lab systems.


Current filter:

(&(objectclass=user)(!(objectclass=Computer))(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))


Googling this, it looks like this is filtering accounts that are disabled, so I would guess that this filter blocks these users.


This is the stuff that really makes me miss tip and ring!

jeff.singh_2 Fri, 07/10/2009 - 11:33

I think it searches and brings in users but not computer accounts or disabled users. We added a description filter for VM1 and this only pulled in users with VM1 in the description (it was only on a test system; I don't have access to the system to tell you the exact format).
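
An added example, not part of the thread and not Cisco code: a small evaluator that runs the default filter quoted above over a constructed directory to show which entries a sync would bring in, and that a per-server description clause keeps two servers' user sets from overlapping. The `(description=*VM1*)` clause format, the sample entries and the helper names are assumptions; only the AD bitwise-AND matching rule is handled, and a missing attribute is treated as no match.

```python
import re
BIT_AND = "1.2.840.113556.1.4.803"  # AD bitwise-AND matching rule OID
DEFAULT = ("(&(objectclass=user)(!(objectclass=Computer))"
           "(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))")

def parse(f, i=0):
    """Parse the parenthesised filter starting at f[i]; return (node, next index)."""
    if f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i] in "&|!":
        op, kids, i = f[i], [], i + 1
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1          # skip the closing ')'
    end = f.index(")", i)
    attr, want = f[i:end].split("=", 1)
    attr, _, rule = attr.partition(":")   # extensible match: attr:oid:=value
    return ("item", attr.lower(), rule.rstrip(":"), want), end + 1

def matches(node, entry):
    """True when the entry satisfies the filter, i.e. the sync would import it."""
    if node[0] in "&|":
        results = [matches(k, entry) for k in node[1]]
        return all(results) if node[0] == "&" else any(results)
    if node[0] == "!":
        return not matches(node[1][0], entry)
    _, attr, rule, want = node
    values = entry.get(attr, [])
    if rule == BIT_AND:                   # every bit of `want` must be set
        return any(int(v) & int(want) == int(want) for v in values)
    pattern = ".*".join(re.escape(p) for p in want.split("*"))
    return any(re.fullmatch(pattern, str(v), re.I) for v in values)

def imported(ldap_filter, directory):
    tree, _ = parse(ldap_filter)
    return {name for name, entry in directory.items() if matches(tree, entry)}

def scoped(tag):  # DEFAULT plus an assumed description clause for one server
    return DEFAULT[:-1] + f"(description=*{tag}*))"

# Constructed sample directory (keys lowercased); 514 = 512 + disabled bit 2.
DIRECTORY = {
    "alice": {"objectclass": ["user"], "useraccountcontrol": [512], "description": ["VM1 mailbox"]},
    "bob":   {"objectclass": ["user"], "useraccountcontrol": [514], "description": ["VM1 mailbox"]},
    "carol": {"objectclass": ["user"], "useraccountcontrol": [512], "description": ["VM2 mailbox"]},
    "pc01$": {"objectclass": ["user", "computer"], "useraccountcontrol": [4096]},
}
```

With `DEFAULT` on both servers, each would import the same set of enabled users, which is the duplicate-account condition the design guide warns about; `scoped("VM1")` and `scoped("VM2")` return disjoint sets.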
