Cisco CUCM 9.1-2 LDAP integration question

Unanswered Question
Apr 8th, 2014

I will keep this as brief as possible: the CUCM cluster was integrated to the LDAP Directory using the EMPLOYEE ID field as the key field. We are moving to deploy JABBER and needed to move to SAMAcctName integration to make it work. Cluster users use Extension Mobility across the board, with no assigned phones, so EM profiles are very important to maintain. We worked with TAC extensively and tried their suggestions, which resulted in finding a bug that would not let us bulk import end users in batches larger than 49 (@ 3000 end users, was not fun).

Changed all LDAP synched users to LOCAL accounts and deleted the existing LDAP integration. All accounts we make local remain local; all other accounts (from other regions) are now INACTIVE, ready for garbage collection. Once garbage collection is done we will be remaking the LDAP integration using the SAMAcctName as the key field.

What I need to know: when I do this, is the new LDAP integration going to recognize the UNIQUE IDENTIFIER field in the END USER EXPORT and change that end user and all associations to the SAMAcctName account on the new synch? I've noted that any users who are created as LOCAL from the beginning do not have a UNIQUE IDENTIFIER, only those that were LDAP at one time, even if made local now.

In the screen capture below, the top shows a user account made local manually after previously being synched with EMPLOYEE ID; the bottom shows that same user in another CUCM cluster that is using SAMAcctName integration. What I have been told by one TAC engineer is that the system will use this UNIQUE ID and merge the local account with the LDAP synched SAMAcctName even though the user ID currently is numeric. A second engineer told me that the two accounts would remain separate (one Numeric ID, one SAMAcctName ID). However it works does not matter to me; I just have to communicate to end users if there will be a change. @ 2500 users log in and out every day. I cannot find any documentation outlining the unique identifier field or its purpose.

 

Any help appreciated


hallinanpv1 Tue, 04/08/2014 - 15:17

Leo,

 

Thank you for responding so quickly; I'm trying to go to that link/discussion referenced, however it keeps cycling me back to my original post. Not a noob on the site despite what my stats show, so not sure why there are issues. I have tried in different browsers and after a reboot.

 

Can you encapsulate what was said in the post to a sentence or two?

hallinanpv1 Mon, 04/14/2014 - 07:23

So, did the work over the weekend and disappointing results.

The UNIQUE IDENTIFIER did not work as either expected or as Cisco TAC advised it would.

 

TAC advised that the account would be overwritten and that all would become LDAP synched after the USER IDs were changed from numbers to the SAMAcctName. Not only did that not happen, but the SAMAcctName accounts did not import because the LOCAL accounts were there with the Unique Identifier. So now our only option is to manually change the User IDs of the local accounts and perform an LDAP synch; then they will be good. Following a TAC-suggested process to export, then change the user ID to SAMAcctName, and then import was a bust. The USER ID is the key field, and trying to change it any way other than manually will not work.

 

We have a couple of other options; either way we are looking at a very impactful event: either a significant number of hours to change manually or a significant impact to the end user being forced to log off.
