LDAP Not Synching

Answered Question
Mar 22nd, 2010

I was recently not able to fine a couple of accounts and found that they were in a different OU than the one LDAP looks to. But after migrating the accounts to that OU, they are still not showing up in CUCM/User Managemnt/End User.

Can someone please assist? Thank you!

I have this problem too.
0 votes
Correct Answer by Tommer Catlin about 6 years 10 months ago

I use a program called softerea.  its free, binds to AD well.

http://www.ldapadministrator.com/

If I know I can bind correctly to the OU speficied with the user account/password..  it will work with CUCM then.

But you can also check the RTMT in CUCM LDAP logs and see if its skipping the name in question for some reason....    Or simply search in the logs for that usersname and see why it fails.     Its usually:

- does not have the correct parameters filled (First Name, Last Name, Display Name, etc)

- Odd character or space in username

- LDAP user account in CUCM does have access to the OU where the user is located.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Tommer Catlin Mon, 03/22/2010 - 10:07

Check to make sure the user ID is not already created as an Application User ID in CUCM.  If it is, LDAP will not sync those names.

Also, if the user ID has odd characters, or missing First Name or Last Name or Display Name ( I think) it will not grab those names.

Also check with a third party tool and bind to LDAP with the same account CUCM uses.  If you can pull up those accounts, then there are no security problems with the OU, users, etc.

If they AD admin accounts, who knows what those guy do with security on their accounts (Or IT staff)  They are always messing with something right?!

bergquist Mon, 03/22/2010 - 10:23

Thank you for the reply. I verified the first two items and that is not the case. So I am not sure how/what you mean by a third party tool for binding to LDAP (sorry, new to this), but there is the ADSI edit tool and I have looked at the properties for the accounts and can't see that there is anything that should be changed.

Lastly, you are also correct about the Admin accounts as one of them is mine! I had my account in a different OU for a while when expirimenting on some GPO's...

Correct Answer
Tommer Catlin Mon, 03/22/2010 - 10:47

I use a program called softerea.  its free, binds to AD well.

http://www.ldapadministrator.com/

If I know I can bind correctly to the OU speficied with the user account/password..  it will work with CUCM then.

But you can also check the RTMT in CUCM LDAP logs and see if its skipping the name in question for some reason....    Or simply search in the logs for that usersname and see why it fails.     Its usually:

- does not have the correct parameters filled (First Name, Last Name, Display Name, etc)

- Odd character or space in username

- LDAP user account in CUCM does have access to the OU where the user is located.

bergquist Mon, 03/22/2010 - 11:36

Thanks for the tip. I did the trace on the DirSync service and looked at the logs, but did not fine any reference to the two accounts I'm having the issue with. However there were some slight discrepancies between the fields of other accounts that are synching correctly. I'll wait fo the next ldap synch (any way to force it?) and see if that helps.

Will post an update soon. Thanks again.

bergquist Mon, 03/22/2010 - 13:16

Yes, that was it. There was an extra comma in one of the fields. Thanks again for your help!

Actions

This Discussion