How to filter corporate directory entries?

Unanswered Question
Mar 23rd, 2010

Call Manager 6.1

AD sync


We have users getting sucked into the corporate directory without ip phone numbers. For instance a user may have two AD accounts. One with a number and one without. But both get pushed into the corporate directory.

Is there a way to filter what goes into the corporate directory? We would like to only allow users in with phone numbers.

Customer doesnt want to restructure their AD containers.

Any bind hack or something we can do???

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (4 ratings)
William Bell Tue, 03/23/2010 - 21:26

Yeah, you can modify the database table the CUCM uses to store the LDAP query used as part of the Directory Synchron

ization process.  I am assuming you are fine with filtering the users out before they are synchronized with the CUCM end user table.

With 6.1 there is no native interface in the CCMAdmin portal to do this.  You would need to use the SQL Query Toolkit (A plugin on your CUCM system) to accomplish this.  Instead of reiterating the procedure here, I will just provide a link to a blog I wrote on this topic.  It is part of a series (with the previous parts providing necessary background on SQL table structure tand the query toolkit itself).  Check this out and see if it works for you.

Now, if your goal is to synchronize the accounts with the CUCM end user table BUT hide the user from the corporate directory then your best bet is to stand up a custom corporate directory application on a separate web server and then use either LDAP to your backend or AXL/SOAP to the CUCM to apply the filters.  This sounds more difficult than it is but I guess that depends on where you are coming from.  There is a SDK on that you can use to build a custom corporate directory application.  The SDK is a bit dated and you will need to tweak it some but it will give you a good foundation.  That is, if you need to sync the user objects and hide them from the corporate directory.  If you just want to filter them out completely, than the blog I provided should do the trick.



Please remember to rate helpful posts.

Aaron Harrison Wed, 03/24/2010 - 01:53


Further to Bill's comments (+5); here's an example XML Directory service I knocked up recently.

You would need to edit it to contain the details of your directory, and run it on a domain member IIS server with the 'anonymous authentication' user changed from the default IUSRxxxx account to a domain account.

It's preset to return users and contacts who have ipPhone populated, but there are a few examples of LDAP filters in there you can replace the standard one with by commenting/uncommenting, and if it's a different AD phone number field you want to use just edit that filter.

Works for me, though I make no pretensions at being a programmer so test it fully



Please rate helpful posts...


This Discussion