I have all the LDAP configuration setup. However, I let it sync over the weekend and I dont have anything in my end user list. I can't add any AD accounts to any of the current groups, etc. Perhaps I am misunderstaning something??? Can someone let me know what they had to do to get AD accounts integrated with CUCM v7.1? I dont have any errors. I am not sure what else to look at. Thanks,
Getting this working the first time can be confusing. You don't have to wait for it to sync overnight; it should sync in a matter of seconds after pressing the "Perform Full Sync Now" button. I'll bet that you have your LDAP User Search Base incorrect as that was a big stumbling block for me. I strongly suggest downloading a LDAP browser and pointing it at AD. It will tell you the exact LDAP path.
As an example, here's an LDAP path that I used last week setting up a customer's CUCM:
OU=Employees,OU=All User Accounts,DC=corp,DC=COMPANY,DC=org
Also you have to make sure that all the users in AD
have some entry in their Last Name field, as it is mandatory for CUCM. Any user in AD without Last Name will not be imported even if your settings are correct!! Hope this helps!!!!!
I am not having any luck here. Any additonal ideas before I submit a TAC?
I downloaded Softerra LDAP browser and successfully connected to and browsed my AD. Here are the configurations I am using in the LDAP sections of CUCM. These are the same settings I used in the LDAP browser too.
For the LDAP Authentication I have:
LDAP Manager Distinguished Name=
CN=MyLastName\, Matt,OU=01015,OU=Company Corporate,DC=company,DC=CBR,DC=INC
(I am a domain admin. Using my name for testing)
LDAP User Search Base=
For the LDAP Directory I have I used the exact same info from the LDAPP Authentication.
I dont see anything getting populated in my CUCM end user list.
Hmmm, not a stupid question. It is not activated. I will activateit. Which then makes me think, before I activate it...if this does work will I still be able to log in with the username/password I have configured. Itd doesnt get deleted does it, since it does not exist in AD? Or, should I created that account in AD first.
OK, so I already have my account there that I have been using to manage. I'll enable the DirSync service and see what happens. I am feeling optimistic.
My issues have been resolved. For anyone else who encounters similar issues...here is the strange, unexplained, sequence of events. Although I am sure some of the replies in here also assisted in the resolution as well. Thanks!
It turns out that I had a bad license file from Cisco. I had been dealing with both the license issue and this LDAP issue simultaneously. CUCM could see my sub server, but it would not allow it to be added to a CM group. As I worked with Cisco on that, they determined I was licensed incorrectly. I received a new license file and that issue was resolved. After that, I went to my end user list, and low and behold my user list was populated with AD accounts. Cisco explained the LDAP issue could not have been related to my license issue. However, one of those incidences that was awfully coincidental. Thought I'd share. Now, onto the next issue.