CUCM LDAP integration conversion and user case sensitivity

Chris Deren
Hall of Fame

Customer is planning on integrating CUCM with LDAP for user sync/authentication but their current user IDs in CUCM do not match the sn names in AD case sensitivity, for example user in CUCM is defined as JSmith, but in AD it is jsmith. Will the users be synced after the integration or will CUCM mark these as INACTIVE? I do not see anything in SRND discussing case sensitivity for LDAP integration.

Thanks,

Chris

Jaime Valencia
Cisco Employee

AFAIK the ldap sync is not case sensitive.

HTH

java

If this helps, please rate

www.cisco.com/go/pdihelpdesk

I would say (though I've not tested it) that since the userID and other fields in CUCM are not case sensitive (i.e. both JOHN and john can't exist), and the AD fields involved (even sAMAccountName) are not case sensitive, that shouldn't change when the two sync.

I've also never stumbled across a problem relating to case though I can guarantee that due to MS being non-case-sensitive the users we've been syncing in will have been a fairly random mix of all lower, all upper, and title case.

In fact, the only exception I've found (and I presume this is just a bug that has gone unreported as it's a fairly little-used API) is in the EM API where a case difference stops login/logout requests working.

Aaron

Thanks guys, my main concern here is UCCX agent login IDs, today they use John, in AD they are defined as john, so after the integration they will need to start using john when logging in, unless I change them in AD, right?

In AD case doesn't matter, and in CCM case doesn't matter (for user IDs - for passwords it obviously does!).

So for example you create CCMAdministrator as the app admin account when you set up the server - you can log in as CcMAdministrator if you like, or ccmadministrator.

The only exceptions I know of (now I'm adding one to the EM API I mentioned earlier, ask me again and I'll make up another) are the EM API and the OS Admin - for OS admin case has to match.

So in your example john JOHN and John are all the same john.

Aaron

I know for a fact that Cisco CAD is case sensitive.

So it is... quality dev work there. Take CUCM that isn't case sensitive, integrate it with AD that isn't case sensitive, add UCCX that isn't case sensitive, and then add a client that is. I'm surprised that no one has flagged that up to me on the AD integrations I've done so far... there have been a few!

The CUCM I'm looking at is one that was AD integrated and was reverted, so the users in it are as they appeared in AD. As you say, you get invalid ID if case mismatches what was synced in when logging in via CAD. Same user with CCX administrator rights logs in fine regardless of case.

I guess the question is whether the DirSync process updates the case of existing users, or just accepts the case-insensitive match and leaves the userid unchanged.

Aaron

If I recall correctly, when you switch from CUCM to LDAP integrated, all users accounts are essentially deleted and new LDAP users are added. The App users will remain and that is what you would need to log in to make initial user mods.

Same is true with 7.x/8.x UCCX.

HTH,

Doug

Well - not quite. Existing users that match in terms of CUCM userID --> elected AD userID attribute are maintained. Exactly what happens to those is what Chris is querying.

Aaron

I just ran into this on CUCM 9.1 & UCCX 10.5 with Finesse... how can this actually exist like this. Cisco's "workaround" is to use the correct case, which is completely unacceptable. This will be a user training nightmare.

Bug CSCsk11669 is no help

https://tools.cisco.com/bugsearch/bug/CSCug51416

JAYESH RAMAIYA
Level 1

I am currently involved in CUCM integration with AD. Case sensitivity is not an issue.

Just make sure that the CUCM user ID and MS user ID are identical.

Just to add my comments to this - and this is the voice of experience.

CUCM accounts are not case sensitive.

CUPS accounts ARE case sensitive, even though it uses the same user database as CUCM. So if you are ever planning on deploying CUPS, you need to make sure that the case matches otherwise loads of functions don't work including IM.

I tried in vain to get TAC to accept this as a bug.

I know this doesn't answer the original question, but hopefully it will be useful for somebody, and save them the same amount of pain I had of deleting 500 user accounts and creating them again with exactly the same case.

HTH. Barry

Hi Chris,

Sorry I can’t comment on whether different case names are overwritten or not!

However we recently installed UCCX for a customer that LDAP synced the users. You are very correct the CAD logon is case sensitive, which is a real pain when the customer’s users had been set up with no conformity! John.Smith, john.smith, JOHN.SMITH etc!

Lucky for me as the UCCX was a new install I was able to LDAP it, then export the users to CSV and use the information to BAT my phones and update the End Users.

One other warning, be careful you don’t lock yourself out of UCCX when you LDAP sync! All UCCX users need to be in AD including your administrators! 

Hope that helps!

Matty
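
An added example, not part of any post in this thread: a pre-integration audit that compares a CUCM end-user export with an AD export and lists the IDs that match only when case is ignored (the situation the posts above report as breaking case-sensitive clients such as CAD), plus IDs with no AD account at all. The CSV column names `userid` and `sAMAccountName` and all sample rows are assumptions constructed for illustration.

```python
import csv
import io

# Constructed sample exports; the column names are assumptions, adjust to your files.
CUCM_CSV = """userid
JSmith
john
Matty.B
ccxadmin
"""
AD_CSV = """sAMAccountName
jsmith
john
matty.b
"""

def load_ids(text, column):
    """Return the non-empty values of one column from CSV text."""
    reader = csv.DictReader(io.StringIO(text))
    return [row[column].strip() for row in reader if row[column].strip()]

def audit(cucm_ids, ad_ids):
    """Classify each CUCM user ID against the AD IDs.

    exact     - identical string exists in AD
    case_only - matches only when case is ignored, as (CUCM ID, AD ID) pairs
    missing   - no AD account under any casing
    """
    ad_exact = set(ad_ids)
    ad_folded = {}
    for ad_id in ad_ids:
        ad_folded.setdefault(ad_id.casefold(), ad_id)
    report = {"exact": [], "case_only": [], "missing": []}
    for uid in cucm_ids:
        if uid in ad_exact:
            report["exact"].append(uid)
        elif uid.casefold() in ad_folded:
            report["case_only"].append((uid, ad_folded[uid.casefold()]))
        else:
            report["missing"].append(uid)
    return report

def run_sample():
    """Audit the constructed sample exports above."""
    return audit(load_ids(CUCM_CSV, "userid"), load_ids(AD_CSV, "sAMAccountName"))

if __name__ == "__main__":
    result = run_sample()
    for cucm_id, ad_id in result["case_only"]:
        print(f"case differs: CUCM {cucm_id!r} vs AD {ad_id!r}")
    for uid in result["missing"]:
        print(f"not in AD: {uid!r}")
```

The `missing` list is also where an administrator account that exists only locally would show up before the sync is switched on.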

Hello,

I know that the post is old but it caught my attention.

I actually came across a case today and I needed to prove whether the userid gets changed on CUCM or not if the userid gets changed on AD.

So I tested it in my lab.

It turned out that, if you change the user logon name on AD, it will be reflected on CUCM with the new logon name, hence the CAD agents need to log in using the new logon name.

At that moment I just had 1 phone associated to the phone and that relation remained the same.

All those changes were reflected on the Dirsync logs (they need to be at Debug Level).