03-23-2010 08:00 PM - edited 03-15-2019 09:55 PM
Call Manager 6.1
AD sync
Issue:
We have users getting sucked into the corporate directory without ip phone numbers. For instance a user may have two AD accounts. One with a number and one without. But both get pushed into the corporate directory.
Is there a way to filter what goes into the corporate directory? We would like to only allow users in with phone numbers.
Customer doesnt want to restructure their AD containers.
Any bind hack or something we can do???
03-23-2010 09:26 PM
Yeah, you can modify the database table the CUCM uses to store the LDAP query used as part of the Directory Synchron
ization process. I am assuming you are fine with filtering the users out before they are synchronized with the CUCM end user table.
With 6.1 there is no native interface in the CCMAdmin portal to do this. You would need to use the SQL Query Toolkit (A plugin on your CUCM system) to accomplish this. Instead of reiterating the procedure here, I will just provide a link to a blog I wrote on this topic. It is part of a series (with the previous parts providing necessary background on SQL table structure tand the query toolkit itself). Check this out and see if it works for you.
Now, if your goal is to synchronize the accounts with the CUCM end user table BUT hide the user from the corporate directory then your best bet is to stand up a custom corporate directory application on a separate web server and then use either LDAP to your backend or AXL/SOAP to the CUCM to apply the filters. This sounds more difficult than it is but I guess that depends on where you are coming from. There is a SDK on http://developer.cisco.com that you can use to build a custom corporate directory application. The SDK is a bit dated and you will need to tweak it some but it will give you a good foundation. That is, if you need to sync the user objects and hide them from the corporate directory. If you just want to filter them out completely, than the blog I provided should do the trick.
HTH.
Regards,
Bill
Please remember to rate helpful posts.
Please remember to rate helpful responses and identify
03-24-2010 01:53 AM
Hi
Further to Bill's comments (+5); here's an example XML Directory service I knocked up recently.
You would need to edit it to contain the details of your directory, and run it on a domain member IIS server with the 'anonymous authentication' user changed from the default IUSRxxxx account to a domain account.
It's preset to return users and contacts who have ipPhone populated, but there are a few examples of LDAP filters in there you can replace the standard one with by commenting/uncommenting, and if it's a different AD phone number field you want to use just edit that filter.
Works for me, though I make no pretensions at being a programmer so test it fully
Enjoy
Aaron
Please rate helpful posts...
03-24-2010 05:26 AM
On CUCM 8, you may enter the filter string from CCMAdmin web interface. You don't need any SDK.
Michael
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: