LDAP Advice, CUC and CUCM

Answered Question
May 20th, 2010

Here is my current scenario:

CUCM 6.1.3

Unity 4.2

CUCM is not using LDAP synchronization.

I will be upgrading CUCM to 7.X and enabling AD integration early next year, and plan to upgrade to Unity Connection 7.x later THIS year.  When I go to CUC, I want to enable LDAP.

In doing so, I want to begin AD integration to take advantage of CUCIMOC and other functionality.

My question is, what implications will I have if LDAP is enabled on CUC and not CUCM?  What are the advantages of LDAP integration on CUC?

Thanks

I have this problem too.
0 votes
Correct Answer by William Bell about 6 years 6 months ago

If you have LDAP enabled on CUC and CUCM the only implication is that end users (or admins) who log on to these systems will have a different set of authentication credentials.  Assuming you use LDAP for authentication, when a user logs onto the CUC PCA web portal they would use their LDAP credentials.  When they logon to the CUCM CCMuser portal they would use whatever credentials were configured in CUCM.

Outside of the user experience, CUC and CUCM do not exchange LDAP information.  IOW, CUCM will have no clue that you enabled LDAP on CUC.

CUC uses LDAP primarily as a provisioning channel.  As an admin you can create CUC users by:

1. LDAP sync

2. CUCM import (via AXL)

3. manual add

4. manual bulk add

The cool thing is that using one method does not exclude your ability to leverage another.  The main difference between #1 and #2 is that once you assign a user to use the LDAP sync, any changes to sync'd attributes in LDAP will propogate to CUC.  With the CUCM import (via AXL), there is no dynamic sync (though a manual method is available).

Last point of interest.  Keep in mind that when you sync to LDAP, there is a unique attribute that is chosen to sync users.  You may want to use the same attribute on CUCM and CUC.  This attribue winds up being the user ID as an FYI.

HTH.


Regards,
Bill

Please remember to rate helpful posts.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
William Bell Thu, 05/20/2010 - 07:03

If you have LDAP enabled on CUC and CUCM the only implication is that end users (or admins) who log on to these systems will have a different set of authentication credentials.  Assuming you use LDAP for authentication, when a user logs onto the CUC PCA web portal they would use their LDAP credentials.  When they logon to the CUCM CCMuser portal they would use whatever credentials were configured in CUCM.

Outside of the user experience, CUC and CUCM do not exchange LDAP information.  IOW, CUCM will have no clue that you enabled LDAP on CUC.

CUC uses LDAP primarily as a provisioning channel.  As an admin you can create CUC users by:

1. LDAP sync

2. CUCM import (via AXL)

3. manual add

4. manual bulk add

The cool thing is that using one method does not exclude your ability to leverage another.  The main difference between #1 and #2 is that once you assign a user to use the LDAP sync, any changes to sync'd attributes in LDAP will propogate to CUC.  With the CUCM import (via AXL), there is no dynamic sync (though a manual method is available).

Last point of interest.  Keep in mind that when you sync to LDAP, there is a unique attribute that is chosen to sync users.  You may want to use the same attribute on CUCM and CUC.  This attribue winds up being the user ID as an FYI.

HTH.


Regards,
Bill

Please remember to rate helpful posts.

hauchinango Thu, 05/20/2010 - 07:55

Bill,

Thank you very much for the detailed response.  This is exactly what I was looking for.

Actions

This Discussion