Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Hall of Fame Super Silver

CUCM LDAP integration conversion and user case sensitivity

Customer is planning on integrating CUCM with LDAP for user sync/authentication but their current user IDs in CUCM do not match the sn names in AD case sensitivity, for example user in CUCM is defined as JSmith, but in AD it is jsmith.  Will the users be synced after the integrtion or will CUCM mark these as INACTIVE?  I do not see anything in SRND discussion case sensitivity for LDAP integration.

Thanks,

Chris

13 REPLIES
Cisco Employee

CUCM LDAP integration conversion and user case sensitivity

AFAIK the ldap sync is not case sensitive.

HTH

java

If this helps, please rate

www.cisco.com/go/pdihelpdesk

HTH

java

if this helps, please rate

www.cisco.com/go/pdi
Super Bronze

CUCM LDAP integration conversion and user case sensitivity

I would say (though I've not tested it) that since the userID and other fields in CUCM are not case sensitive (i.e. both JOHN and john can't exist), and the AD fields involved (even sAMAccountName) are not case sensitive, that shouldn't change when the two sync.

I've also never stumbled accross a problem relating to case though I can guarantee that due to MS being non-case-sensitive the users we've been syncing in will have been a fairly random mix of all lower, all upper, and title case.

In fact- the only exception I've found (and I presume this is just a bug that has gone unreported as it's a fairly little-used API) is in the EM API where a case difference stops login/logout requests working.

Aaron

Please rate helpful posts..

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!
Hall of Fame Super Silver

CUCM LDAP integration conversion and user case sensitivity

Thanks guys, my main concern here is UCCX agent login IDs, today they use John, in AD they are defined as john, so after the integration they will need to start using john when loggin in, unless I change them in AD, right?

Super Bronze

CUCM LDAP integration conversion and user case sensitivity

In AD case doesn't matter, and in CCM case doesn't matter (for user IDs - for passwords it obviously does!).

So for example you create CCMAdministrator as the app admin account when you set up the server - you can log in as CcMAdmistrator if you like, or ccmadministrator.

The only exceptions I know of (now I'm adding one to the EM API I mentioned earlier, ask me again and I'll make up another) are the EM API and the OS Admin - for OS admin case has to match.

So in your example john JOHN and John are all the same john.

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!
Hall of Fame Super Silver

CUCM LDAP integration conversion and user case sensitivity

I know for a fact that cisco CAD is case sensitive.

Super Bronze

CUCM LDAP integration conversion and user case sensitivity

So it is... quality dev work there. Take CUCM that isn't case sensitive, integrate it with AD that isn't case sensitive, add UCCX that isn't case sensitive, and then add a client that is. I'm surprised that no one has flagged that up to me on the AD integrations I've done so far... there have been a few!

The CUCM I'm looking at is one that was AD integrated and was reverted, so the users in it are as they appeared in AD. As you say, you get invalid ID if case mismatches what was synced in when loggin in via CAD. Same user with CCX administrator rights logs in fine regardless of case.

I guess the question is whether the DirSnc process updates the case of existing users, or just accepts the case-insensitive match and leaves the userid unchanged.

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!
New Member

CUCM LDAP integration conversion and user case sensitivity

If I recall correctly, when you switch from CUCM to LDAP integrated, all users accounts are essentially deleted and new LDAP users are added. The App users will remain and that is what you would need to log in to make initial user mods.

Same is true with 7.x/8.x UCCX.

HTH,

Doug

Super Bronze

CUCM LDAP integration conversion and user case sensitivity

Well - not quite. Exisiting users that match in terms of CUCM userID --> elected AD userID attribute are maintained. Exactly what happens to those is what Chris is querying..

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!
New Member

I just ran into this on CUCM

I just ran into this on CUCM 9.1 & UCCX 10.5 with Finesse... how can this actually exist like this.  Cisco's "workaround" is to use the correct case, which is completely unacceptable.  This will be a user training nightmare.

 

Bug CSCsk11669 is no help

https://tools.cisco.com/bugsearch/bug/CSCug51416

New Member

CUCM LDAP integration conversion and user case sensitivity

I am currently involved in CUCM intergration with AD. Case sensitivity is not an issue.

Just make sure that the CUCM user ID and MS user ID are identical 

Gold

CUCM LDAP integration conversion and user case sensitivity

Just to add my comments to this - and this is the voice of experience.

CUCM accounts are not case sensitive.

CUPS accounts ARE case senstive, even though it uses the same user database as CUCM. So if you are ever planning on deploying CUPS, you need to make sure that the case matches otherwise loads of functions don't work including IM.

I tried in vain to get TAC to accept this as a bug.

I know this doesn't answer the original question, but hopefully it will be useful for somebody, and save them the same amount of pain I had of deleting 500 user accounts and creating them again with exactly the same case.

HTH. Barry

Bronze

CUCM LDAP integration conversion and user case sensitivity

Hi Chris,

Sorry I can’t comment on whether different case names are overwritten or not!

However we recently installed UCCX for a customer that LDAP synced the users. You are very correct the CAD logon is case sensitive which a real pain is when the customer’s users had been setup with no conformity! John.Smith, john.smith, JOHN.SMITH etc!

Lucky for me as the UCCX was a new install I was able to LDAP it, then export the users to CSV and use the information to BAT my phones and update the End Users.

One other warning, be careful you don’t lock yourself out of UCCX when you LDAP sync! All UCCX users need to be in AD including your administrators! 

Hope that helps!

Matty

Cisco Employee

Hello,I know that the post is

Hello,

I know that the post is old but it caught my attention.

I actually came across a case today and i needed to prove  whether the userid gets changed on CUCM or not if the userid gets changed on AD.

So i tested up in my Lab.

It turned up that actually, if you change on AD the user logon name it will be reflected on CUCM with the new logon name, hence the CAD agents need to logging using the new logon name

At that moment i just had 1 phone associated to the phone and that relation remained the same.

All those changes were reflected on the Dirsync logs (they need to be at Debug Level).

 

 

 

1910
Views
0
Helpful
13
Replies
CreatePlease to create content