
LDAP integration with Unity Connection 7.1 questions?

srosenthal
Level 4

I have Unity Connection 7.1 up and running and want to turn on LDAP so that the users who have vm will be able to access CISCOPCA using their domain logon information instead of maintaining separate passwords.

Only about 25% of our people have voice mail.  So my questions are this:

Would everyone who has a domain account then get a voice mail account or does unity just keep the voice mail accounts that are there now?

When turning on LDAP does the current voice mail box get erased and rebuilt?

Is it just a matter of synchronizing the current voice mail accounts with LDAP and do I have to have all voice mail accounts use LDAP or can some of them still be local to the unity connection?

Thanx, Seth


benjaminwatt
Level 5

srosenthal wrote:

Would everyone who has a domain account then get a voice mail account or does unity just keep the voice mail accounts that are there now?

It just keeps the voice mail accounts that are there now. All the others will appear in the 'Import Users' area when you select to find users in the LDAP Directory, but they won't be given voice mail accounts until you import them into Unity Connection.

When turning on LDAP does the current voice mail box get erased and rebuilt?

No, the voice mail box remains exactly as it was before. You can check if a given user has been synced with your LDAP directory by clicking on their account in Unity Connection and checking the status is given as "Active User Imported from LDAP Directory".

Is it just a matter of synchronizing the current voice mail accounts with LDAP and do I have to have all voice mail accounts use LDAP or can some of them still be local to the unity connection?

Yes, that's pretty much it, and as mentioned above you can check the status of a user to see if they are synced with the LDAP directory. Unlike on CUCM, you can have a mix of local users and LDAP users.

Have a look at the Unity Connection Design Guide for more on the LDAP integration.

Thank you for all the information.

I just want to make sure that if a current user/vm box has the exact same name it will only synchronize and not erase the existing box?

Seth

For any current user in Unity Connection that is also found in your LDAP directory, all the sync will do is update certain user fields of that user; it will leave everything else about their voicemail account alone. Their existing messages and recorded greetings will all be left intact.

You can see exactly which user fields these are by going into the 'LDAP Directory Configuration' and creating a new LDAP directory (you don't have to actually create one yet, clicking 'Add New' will just show you the settings). Do make sure that the user's extension number is entered correctly in your LDAP directory; that's the most important one to get right!

Any users in your Unity Connection setup that are not found in your LDAP directory will be left exactly as they are, although if you ever do create an account with the same username in your LDAP directory then these will be synced up during the next scheduled sync.

When you then turn on LDAP authentication, that's the point at which users logging into the Cisco PCA will start using their LDAP password to log in. If you were ever to turn this off again it would revert to whichever manual password you'd set for that account.

Hope that clears it up. We did this for our own Unity Connection server a few months back for a few hundred users and it worked perfectly, but there is a lack of clear information about how all this works out there when it comes to LDAP. Doing the same on a CUCM server is a lot more terminal if you get it wrong, as any account that is not also in your LDAP directory is deleted a couple of nights later; you don't get to have a mix like in UC!

All the same, make sure you have a recent backup before you do a change like this, just in case.

Ben,

We went to migrate users today on our Unity Connection 7.1 system with the LDAP directory. LDAP was added successfully and all users were listed. However, when we tried to sync one user it failed. The fail message said that the username was already in use on the vm system and could not synchronize.

The only way to get it to work was to delete the vm account on UC and then do a sync which would create the VM account with the LDAP information.

We duplicated this also in the lab.

Seth

You definitely don't have to delete any existing mailboxes, but I realised as soon as I saw your post that I forgot a vital step. Once you've set up your LDAP directory in UC, you then export out the LDAP users from UC using the BAT tool, remove all the users that aren't in UC, or which you don't want to be synced with LDAP, and then you import back in the file. See http://www.cisco.com/en/US/docs/voice_ip_comm/connection/7x/user_mac/guide/7xcucmac105.html#Integrating_Existing_Cisco_Unity_Connection_User_Accounts_with_LDAP_User_Accounts for the full details. This isn't as involved as it may sound, and is usually just done the once for your existing users. If any users fail to be synced because of discrepancies in names you can just re-import the spreadsheet with just them in it after fixing the problem. It also doesn't import in LDAP users if they don't exist in UC, but it's easier to spot genuine failures if you remove them from the CSV before you do the import.
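The CSV clean-up step described in the reply above, sketched as an added example (not part of the original thread and not Cisco code): it compares an exported LDAP user list against the existing Unity Connection users and sorts rows into those ready to re-import and those needing attention first. The column names `Alias` and `Extension`, the function name and all sample rows are assumptions constructed for illustration.

```python
import csv
import io

ALIAS, EXT = "Alias", "Extension"  # assumed column names; match your real header row

# Constructed sample data, not taken from a real system.
LDAP_EXPORT = """Alias,FirstName,LastName,Extension
jsmith,John,Smith,1001
ADoe,Alice,Doe,1002
bnguyen,Binh,Nguyen,1003
cwhite,Carol,White,1040
"""
UC_USERS = """Alias,Extension
jsmith,1001
adoe,1002
cwhite,1004
frontdesk,1900
"""

def plan_ldap_import(ldap_csv, uc_csv):
    """Split the LDAP export into rows to re-import and rows needing attention."""
    ldap_rows = list(csv.DictReader(io.StringIO(ldap_csv)))
    uc_ext = {r[ALIAS].strip(): r[EXT].strip()
              for r in csv.DictReader(io.StringIO(uc_csv))}
    uc_folded = {a.lower(): a for a in uc_ext}  # case-folded alias -> UC spelling
    plan = {"import": [], "not_in_uc": [], "name_mismatch": [],
            "extension_mismatch": [], "stays_local": []}
    matched = set()
    for row in ldap_rows:
        alias = row[ALIAS].strip()
        uc_alias = uc_folded.get(alias.lower())
        if uc_alias is None:
            plan["not_in_uc"].append(alias)  # no mailbox: drop from the CSV
            continue
        matched.add(uc_alias)
        if uc_alias != alias:
            plan["name_mismatch"].append((alias, uc_alias))  # fix, then re-import
        elif row[EXT].strip() != uc_ext[uc_alias]:
            plan["extension_mismatch"].append(alias)  # correct in LDAP first
        else:
            plan["import"].append(row)
    # UC accounts with no LDAP match are left as local accounts.
    plan["stays_local"] = sorted(set(uc_ext) - matched)
    return plan

if __name__ == "__main__":
    for key, value in plan_ldap_import(LDAP_EXPORT, UC_USERS).items():
        print(key, value)
```

The `stays_local` list is worth reviewing before LDAP authentication is enabled, since those accounts keep their manually set passwords.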

Ben,

That did it. Thank you.

Seth
