Dear NetPro gurus,
One of my customer has recently purchased a pair of brand new Cisco CallManager 8.0. They have the following questions:-
1) Since the customer had integrated their Microsoft LDAP with CUCM 8.0, is it possible to pull in users as 'Application User' into CUCM so that these special accounts can be used as accounts similar to CCMAdministrator (but its pulled in from LDAP & won't show up in Corporate Directory)
2) If not possible, for existing 'End Users', what 'User Group' do I need to give these selected End Users so that they can perform all the functions exactly like the CCMAdministrator account??
My customer has also purchased a pair of brand new Cisco Unity Connection 8.0. The Unity Connection servers are currently linked to the CallManager servers via AXL.
3) For existing Users with mailbox in Unity Connection, what do I need to give these selected End Users so that they can perform all the functions exactly like the UnityAdmin account when I install the Unity Connection System?? (i.e. full rights to the system)
Solved! Go to Solution.
1.) Why? I'm pretty sure the answer is no, but what are you attempting to accomplish?
2.) Standard Audit Users; Standard CCM Super Users; Standard RealTimeAndTraceCollection
3.) Remote Administrator; System Administrator
Thanks for your reply Hillman.
My customer now has the following questions:-
For CUCM 8.0
1) Can the CUCM 8.0 sync the Password but NOT the PIN from LDAP?? Since the customer doesn't want to change the way Extension mobility login works
2) If so, assuming users is logged into their own LDAP already when they logged to their PCs in every morning, when they try to open the CUCM CCMAdmin page, can it do 'auto-login'??
For Unity Connection 8.0
3) Can Unity Connection mailbox users pull the End User passwords from CUCM End Users??
1.) That is the default behavior. PINs are stored in the CUCM database and passwords in LDAP, when LDAP integrated.
2.) I'm not aware of any SSO auto-login ability.
3.) If Unity Connection is also LDAP integrated and using LDAP for authentication then the CUCM and Unity passwords would be the same.
If this was helpful please provide feedback.
If the Unity Connection server is using the AXL integration instead of LDAP:-
If the customer updates the End User passwords on CUCM, would the Web Application password on Unity Connection for that user be reflected / updated as well?? In other words, is the AXL sync 'Real-time'??
The AXL sync process never "syncs" the CUCM passwords. It is just a method to import users and if things like names, extension, etc. change they can be synced in Unity. If CUCM users are local, i.e. not LDAP integrated, and Unity users are pulled from CUCM and not LDAP integrated, their passwords are local as well. Short story you'll end up with two user accounts with potentially two separate passwords.
I hope that helps.
But due to original customer requirement, the CUCM 8.0 is integrated with customer's Microsoft LDAP, its just Unity Connection is not and only using AXL back to CUCM.
In that case, would it be any different?? Or Unity Connection 'user passwords' still not be able to sync with CUCM??
Thanks so much for your help again.
Thanks for your confirmation.
The reason is because the customer forgot to integrate their Unity Connection server to their LDAP from day one.
And now since the system is already in production, they are afraid that if they 'enable LDAP DIrectory' and 'enable LDAP authentication' now, it will delete all their existing mailbox and get re-created... but all the customization like 'greeting wav files', voicemail passwords and call transfer and alternate greetings settings will be lost.
The product at the link below syncs Extension Mobility logins with Windows logins
I have not used it myself but it looks cool