Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

CUCM 7.1 and LDAP integration

I have all the LDAP configuration setup. However, I let it sync over the weekend and I dont have anything in my end user list. I can't add any AD accounts to any of the current groups, etc. Perhaps I am misunderstaning something??? Can someone let me know what they had to do to get AD accounts integrated with CUCM v7.1? I dont have any errors. I am not sure what else to look at. Thanks,

Everyone's tags (4)
10 REPLIES
Bronze

Re: CUCM 7.1 and LDAP integration

Getting this working the first time can be confusing.  You don't have to wait for it to sync overnight; it should sync in a matter of seconds after pressing the "Perform Full Sync Now" button.  I'll bet that you have your LDAP User Search Base incorrect as that was a big stumbling block for me.  I strongly suggest downloading a LDAP browser and pointing it at AD.  It will tell you the exact LDAP path.

As an example, here's an LDAP path that I used last week setting up a customer's CUCM:

OU=Employees,OU=All User Accounts,DC=corp,DC=COMPANY,DC=org

New Member

Re: CUCM 7.1 and LDAP integration

Thanks! I'll test with an LDAP browser. How can I confirm? Should I see my AD users in the End User link?

Bronze

Re: CUCM 7.1 and LDAP integration

Yes, if it works you will definitely see the AD users listed under End Users in CUCM.

New Member

Re: CUCM 7.1 and LDAP integration

Also you have to make sure that all the users in AD

have some entry in their Last Name field, as it is mandatory for CUCM. Any user in AD without Last Name will not be imported even if your settings are correct!! Hope this helps!!!!!

New Member

Re: CUCM 7.1 and LDAP integration

I am not having any luck here. Any additonal ideas before I submit a TAC?

I downloaded Softerra LDAP browser and successfully connected to and browsed my AD. Here are the configurations I am using in the LDAP sections of CUCM. These are the same settings I used in the LDAP browser too.

For the LDAP Authentication I have:

LDAP Manager Distinguished Name=
CN=MyLastName\, Matt,OU=01015,OU=Company Corporate,DC=company,DC=CBR,DC=INC

(I am a domain admin. Using my name for testing)

LDAP User Search Base=
OU=01015,OU=Company Corporate,DC=company,DC=CBR,DC=INC

For the LDAP Directory I have I used the exact same info from the LDAPP Authentication.

I dont see anything getting populated in my CUCM end user list.

Red

Re: CUCM 7.1 and LDAP integration

Stupid question: is DirSync service running or not?

Michael

http://htluo.blogspot.com

New Member

Re: CUCM 7.1 and LDAP integration

Hmmm, not a stupid question. It is not activated. I will activateit. Which then makes me think, before I activate it...if this does work will I still be able to log in with the username/password I have configured. Itd doesnt get deleted does it, since it does not exist in AD? Or, should I created that account in AD first.

Red

Re: CUCM 7.1 and LDAP integration

You should create an account under "User Management > Application Users".  Applilcation Users are not affected by LDAP sync.

Michael

New Member

Re: CUCM 7.1 and LDAP integration

OK, so I already have my account there that I have been using to manage. I'll enable the DirSync service and see what happens. I am feeling optimistic.

Thanks!

New Member

Re: CUCM 7.1 and LDAP integration

My issues have been resolved. For anyone else who encounters similar issues...here is the strange, unexplained, sequence of events. Although I am sure some of the replies in here also assisted in the resolution as well. Thanks!

It turns out that I had a bad license file from Cisco. I had been dealing with both the license issue and this LDAP issue simultaneously. CUCM could see my sub server, but it would not allow it to be added to a CM group. As I worked with Cisco on that, they determined I was licensed incorrectly. I received a new license file and that issue was resolved. After that, I went to my end user list, and low and behold my user list was populated with AD accounts. Cisco explained the LDAP issue could not have been related to my license issue. However, one of those incidences that was awfully coincidental. Thought I'd share. Now, onto the next issue.

4214
Views
0
Helpful
10
Replies