I have CUCM V7.1.3 with local users. We are now considering integrate user management with LDAP, which is Windows2003 in our network. We have more than 20 different business units span across more than 20 offices. However only six of these offices are part of the centralized IPT. The problem is our AD users are grouped base on business units. For example, the users in Atlanta office may be in six different OUs and CUCm has a limit of five LDAP directories. Is there a way in LDAP to search users base of AD Security group?
Any suggestions will be appreciated.
The link I provided should give you a working example on how you would go about updating the LDAP filter used by a CUCM system running 7.1. The example focuses on the Cisco provides AXL SQL Query toolkit (download plugin). But, the Cisco AXL/SOAP API can be accessed in multiple ways. You may also be able to execute a SQL update from a command line. I believe I have done that in my lab but I don't recall which version and I am unable to test now. The query syntax would be identical to what I provided in the URL referenced in my last post.
You could leverage LDAP filters and an AD attribute (or several attributes)
to filter the user objects that will be synchronized. With 7.1(3) you would
need to use the AXL API to modify the LDAP filter. With 8.x the CCMAdmin
portal includes an interface to modify this parameter. I did a write up on
the pre-8.x approach here:
Please remember to rate helpful posts.