We have users getting sucked into the corporate directory without ip phone numbers. For instance a user may have two AD accounts. One with a number and one without. But both get pushed into the corporate directory.
Is there a way to filter what goes into the corporate directory? We would like to only allow users in with phone numbers.
Customer doesnt want to restructure their AD containers.
Yeah, you can modify the database table the CUCM uses to store the LDAP query used as part of the Directory Synchron
ization process. I am assuming you are fine with filtering the users out before they are synchronized with the CUCM end user table.
With 6.1 there is no native interface in the CCMAdmin portal to do this. You would need to use the SQL Query Toolkit (A plugin on your CUCM system) to accomplish this. Instead of reiterating the procedure here, I will just provide a link to a blog I wrote on this topic. It is part of a series (with the previous parts providing necessary background on SQL table structure tand the query toolkit itself). Check this out and see if it works for you.
Now, if your goal is to synchronize the accounts with the CUCM end user table BUT hide the user from the corporate directory then your best bet is to stand up a custom corporate directory application on a separate web server and then use either LDAP to your backend or AXL/SOAP to the CUCM to apply the filters. This sounds more difficult than it is but I guess that depends on where you are coming from. There is a SDK on http://developer.cisco.com that you can use to build a custom corporate directory application. The SDK is a bit dated and you will need to tweak it some but it will give you a good foundation. That is, if you need to sync the user objects and hide them from the corporate directory. If you just want to filter them out completely, than the blog I provided should do the trick.
Further to Bill's comments (+5); here's an example XML Directory service I knocked up recently.
You would need to edit it to contain the details of your directory, and run it on a domain member IIS server with the 'anonymous authentication' user changed from the default IUSRxxxx account to a domain account.
It's preset to return users and contacts who have ipPhone populated, but there are a few examples of LDAP filters in there you can replace the standard one with by commenting/uncommenting, and if it's a different AD phone number field you want to use just edit that filter.
Works for me, though I make no pretensions at being a programmer so test it fully
Please rate helpful posts...
Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!
62591-Search for non blank IPphone contact and users.zip
You have reached the Cisco Logistics Support Center.. To Check Status of
your RMA, visit Product Returns & Replacements (RMA). Need help? Contact
us by Phone or Email. North Americas Phone: 1800 553 2447 Option 4
Email: firstname.lastname@example.org Europe Phone: +3...
The short answer is that you don't.... That isn't entirely true while at
the same time it kind of is, but for the most part you don't configure
the softkeys. You enable or disable them via TCL. Here is the long
answer. Be sure to read the whole thing or e...
Topology: IP Phone > Switches > Microsoft NPS setup to forward 802.1x
proxy to > ISE 2.1 patch 3 Authentication: EAP-TLS using Cisco MIC SANs
Phone Models 802.1X support? 802.1x flavor Addtl Comment EAP-MD5 EAP-TLS
Cisco 3905 Y Y N Cisco 6911 Y Y N Cisco ...