CRS 5.0 problem with CUCM 6.1(2) LDAP AD integration

Unanswered Question
Aug 18th, 2009

Actually, not so much a problem as a mistake I made when changing over from the built-in directory to AD integration (CUCM 6.1(2))...I forgot to verify that one of my IP-IVRs had a sync-able user ID in the AppAdmin group, so now, as far as I can tell, I don't have a way to authenticate to AppAdmin. I tried creating one of the IDs that I know is there as an application user in CUCM, but that doesn't seem to work.

What are my options? I know I can reset the config on the IP IVR using the cet (?) tool, to get back to the original administrator ID, but does that mean I wipe out the rest of the config on the box as well?

Could I turn off LDAP temporarily on CUCM, and recreate the old CRS admin user, then create a LDAP sync-able admin on the CRS box?

Looking for any suggestions. Thanks!

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Jonathan Schulenberg Tue, 08/18/2009 - 08:13

I made this mistake once during an install. You can create an EXACT copy (name spelling, capitalization, username, etc) of the user within AD and resync UCM LDAP. It should map through and work again assuming the old account has not completed the tombstone process.

CCX only looks at End User accounts so creating an Application User won't work.

David Wolgast Tue, 08/18/2009 - 10:09

Thanks for the didn't work, likely because it has been several days since the change and the obsolete IDs have been purged.

I guess my next question is: If I use the cet tool, will I have to redo my entire configuration (even deleting and recreating my ports & triggers)? Will I have to re-upload my scripts and prompts?

Can I go part of the way, enough to assign the admin user and retain the rest of my config?

Jonathan Schulenberg Tue, 08/18/2009 - 14:10

My understanding is that it does not drop the database tables during initial setup; however, I have not had to do this first hand. I would recommend a good backup first. :)

Isaac Romero Wed, 08/19/2009 - 00:05

Hi David,

I opened a case on PDI yesterday for a similar issue and that's what they answered me on keeping the previous config:

"It is not really a fresh install but more of a password recovery procedure. Basically, here you are resetting the Appadmin to initial setup and it should not affect/delete existing configuration.

Once you are able to login to Appadmin using Administrator/ciscocisco and go through initial setup. It will remember most of the settings you used during the initial install."

Here you've got the procedure:

Hope this helps.




This Discussion