Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
575
Views
0
Helpful
4
Replies

Error: "LDAP Synch status is enabled. Cannot add users through BAT."

kylebrogers
Level 4
Level 4

‎04-15-2014 09:07 AM - edited ‎03-16-2019 10:28 PM

In 10.x it looks like Cisco has disallowed user imports (via BAT) into LDAP-integrated systems.  Has anyone else run into this?  Below is the error I'm receiving in the Job Status log file.  The error implies that "it's a feature, not a bug".  How are large companies supposed to import new phones/users when they open new branches or do a phone refresh?  Breaking LDAP to do the import isn't a option because you have to blow away your LDAP directory config to do so - not to mention people wouldn't be able to log into Jabber or their user pages while it was broken.  I'm hoping someone has a workaround or has already spoken with TAC about this.   

 

Failure Details :

Device Name/User ID Error Code Error Description

-----------------------------------------------------------------------------------------

LDAP Synch status is enabled. Cannot add users through BAT.

Result Summary :

INSERT for 0 PHONES passed.

INSERT for 5 PHONES failed.

INSERT for 0 USERS passed.

INSERT for 5 USERS failed.

1 person had this problem
Labels:
0 Helpful
4 Replies 4

anurag99998
Level 1
Level 1

‎04-15-2014 10:57 AM

Hi,

You can't add users using BAT when LDAP sync is enabled.

If you want to add more users/phones  to CUCM then the best way is to create the users in AD and then pull them from AD into CUCM database.

 

This issue is already discussed in other posts as well:

 

https://supportforums.cisco.com/discussion/10571521/how-do-i-bat-users-and-phones-ad-synch-enabled

 

 

0 Helpful

kylebrogers
Level 4
Level 4
In response to anurag99998

‎04-15-2014 11:06 AM

So if a company has a large CUCM deployment and adds another branch (let's say 100 phones/users), I would have to go user by user and do the phone associations, profile associations, primary extensions, etc 100 times? 

Is there a better way that I'm missing?  That just doesn't seem logical.  In previous versions (I'm not sure about 6.x in the link.  I started with 7.x) I could have sworn that I could import from BAT even if LDAP was integrated.  I would get an error and only the non-LDAP fields would get changed, but the changes, associations, etc. would still go through.

0 Helpful

anurag99998
Level 1
Level 1
In response to kylebrogers

‎04-15-2014 11:13 AM

You can disable LDAP integration,add users via BAT and then re enable LDAP

0 Helpful

kylebrogers
Level 4
Level 4
In response to anurag99998

‎04-15-2014 11:17 AM

If I break LDAP, Jabber logins won't pass through while it's disabled so I can't do that without taking down Jabber.  Also, Cisco makes you delete out your LDAP directories (search bases, etc) before you're allowed to uncheck/save the LDAP sync box.  You then have to rebuild them to turn it back on (I've never understood why I can't just uncheck the box).

I guess I was just hoping Cisco had provided a reasonable way to do bulk user/phone imports on LDAP integrated systems.

0 Helpful
Customers Also Viewed These Support Documents