Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

CUCM LDAP Filter error

Hello, colleague!

I try to implement LDAP filter sync CUCM8.6 an Microsoft AD (Win2003 Server):

(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2)(ipPhone=*))

This filter get all users with nonempty "IP Phone" field.

I check my filter from AD - filter work correctly. When I try to point this filter to CUCM LDAP AD, I get error:

"Error while connecting to LDAP. Invalid filter used."

Can be required to specify OU and DC in my filter???

Please, help!

Everyone's tags (5)
1 ACCEPTED SOLUTION

Accepted Solutions
Super Bronze

CUCM LDAP Filter error

Hi

Try

(&(objectCategory=person)(objectClass=user)(ipPhone=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

Aaron

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!
7 REPLIES
Super Bronze

CUCM LDAP Filter error

Hi

Try

(&(objectCategory=person)(objectClass=user)(ipPhone=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

Aaron

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!
New Member

CUCM LDAP Filter error

Thank you, Aaron! Now filter work properly!

Super Bronze

Re: CUCM LDAP Filter error

Happy to help :-)

Aaron Harrison

Principal Engineer at Logicalis UK

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!
New Member

CUCM LDAP Filter error

Aaron:

I was able to get a filter for the IP Phone filed to work fine on CUCM 8.5.1 and AD 2003.  Any reason you know of why your filter in this post is not working on my production CUCM 8.5.1 and AD 2008 r2? SRND doesn't say it's NOT supported.

John

Super Bronze

CUCM LDAP Filter error

Hi John

Have you checked that the ipPhone fields are populated?

There's no reason it shouldn't work, I've just tested it now...

Aaron

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!
New Member

CUCM LDAP Filter error

The LDAP sync is pulling in all users—with and without IP Phone number populated.  We had about 1000 users in CM prior to the sync and now we have 3000 users after the sync.  A spot check of the users shows that we are not filtering out the users without the IP Phone field populated.  And I did double check to make sure I added the filter to the sync info!  See my screenshots:

New Member

CUCM LDAP Filter error

So after further investigation, I found out the the customer is using AD 2008 R2 64-bit.  Not sure if that has anything to do with it, but I finally got the following filter to work properly:

(&(objectclass=user)(&(ipPhone=*))(!(objectclass=Computer))(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))

The difference here versus the original filter format in this thread is the additional "&" in the ipPhone portion of the filter (and the parentheses for the section too).

Hope that is beneficial to someone down the road!

1224
Views
0
Helpful
7
Replies