04-15-2014 09:07 AM - edited 03-16-2019 10:28 PM
In 10.x it looks like Cisco has disallowed user imports (via BAT) into LDAP-integrated systems. Has anyone else run into this? Below is the error I'm receiving in the Job Status log file. The error implies that "it's a feature, not a bug". How are large companies supposed to import new phones/users when they open new branches or do a phone refresh? Breaking LDAP to do the import isn't an option because you have to blow away your LDAP directory config to do so - not to mention people wouldn't be able to log into Jabber or their user pages while it was broken. I'm hoping someone has a workaround or has already spoken with TAC about this.
Failure Details :
Device Name/User ID Error Code Error Description
-----------------------------------------------------------------------------------------
LDAP Synch status is enabled. Cannot add users through BAT.
Result Summary :
INSERT for 0 PHONES passed.
INSERT for 5 PHONES failed.
INSERT for 0 USERS passed.
INSERT for 5 USERS failed.
04-15-2014 10:57 AM
Hi,
You can't add users using BAT when LDAP sync is enabled.
If you want to add more users/phones to CUCM then the best way is to create the users in AD and then pull them from AD into the CUCM database.
This issue is already discussed in other posts as well:
https://supportforums.cisco.com/discussion/10571521/how-do-i-bat-users-and-phones-ad-synch-enabled
04-15-2014 11:06 AM
So if a company has a large CUCM deployment and adds another branch (let's say 100 phones/users), I would have to go user by user and do the phone associations, profile associations, primary extensions, etc. 100 times?
Is there a better way that I'm missing? That just doesn't seem logical. In previous versions (I'm not sure about 6.x in the link. I started with 7.x) I could have sworn that I could import from BAT even if LDAP was integrated. I would get an error and only the non-LDAP fields would get changed, but the changes, associations, etc. would still go through.
04-15-2014 11:13 AM
You can disable LDAP integration, add users via BAT and then re-enable LDAP.
04-15-2014 11:17 AM
If I break LDAP, Jabber logins won't pass through while it's disabled so I can't do that without taking down Jabber. Also, Cisco makes you delete out your LDAP directories (search bases, etc) before you're allowed to uncheck/save the LDAP sync box. You then have to rebuild them to turn it back on (I've never understood why I can't just uncheck the box).
I guess I was just hoping Cisco had provided a reasonable way to do bulk user/phone imports on LDAP integrated systems.