Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

How to filter corporate directory entries?

Call Manager 6.1

AD sync

Issue:

We have users getting sucked into the corporate directory without ip phone numbers. For instance a user may have two AD accounts. One with a number and one without. But both get pushed into the corporate directory.

Is there a way to filter what goes into the corporate directory? We would like to only allow users in with phone numbers.

Customer doesnt want to restructure their AD containers.

Any bind hack or something we can do???

3 REPLIES

Re: How to filter corporate directory entries?

Yeah, you can modify the database table the CUCM uses to store the LDAP query used as part of the Directory Synchron

ization process.  I am assuming you are fine with filtering the users out before they are synchronized with the CUCM end user table.

With 6.1 there is no native interface in the CCMAdmin portal to do this.  You would need to use the SQL Query Toolkit (A plugin on your CUCM system) to accomplish this.  Instead of reiterating the procedure here, I will just provide a link to a blog I wrote on this topic.  It is part of a series (with the previous parts providing necessary background on SQL table structure tand the query toolkit itself).  Check this out and see if it works for you.

http://www.netcraftsmen.net/resources/blogs/axl-sql-toolkit-part-3-updating-cucm-dirsync-ldap-filter-by-example.html

Now, if your goal is to synchronize the accounts with the CUCM end user table BUT hide the user from the corporate directory then your best bet is to stand up a custom corporate directory application on a separate web server and then use either LDAP to your backend or AXL/SOAP to the CUCM to apply the filters.  This sounds more difficult than it is but I guess that depends on where you are coming from.  There is a SDK on http://developer.cisco.com that you can use to build a custom corporate directory application.  The SDK is a bit dated and you will need to tweak it some but it will give you a good foundation.  That is, if you need to sync the user objects and hide them from the corporate directory.  If you just want to filter them out completely, than the blog I provided should do the trick.

HTH.

Regards,
Bill

Please remember to rate helpful posts.

HTH -Bill (b) http://ucguerrilla.com (t) @ucguerrilla

Please remember to rate helpful responses and identify

Super Bronze

Re: How to filter corporate directory entries?

Hi

Further to Bill's comments (+5); here's an example XML Directory service I knocked up recently.

You would need to edit it to contain the details of your directory, and run it on a domain member IIS server with the 'anonymous authentication' user changed from the default IUSRxxxx account to a domain account.

It's preset to return users and contacts who have ipPhone populated, but there are a few examples of LDAP filters in there you can replace the standard one with by commenting/uncommenting, and if it's a different AD phone number field you want to use just edit that filter.

Works for me, though I make no pretensions at being a programmer so test it fully

Enjoy

Aaron

Please rate helpful posts...

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!
Red

Re: How to filter corporate directory entries?

On CUCM 8, you may enter the filter string from CCMAdmin web interface.  You don't need any SDK.

Michael

http://htluo.blogspot.com

1024
Views
20
Helpful
3
Replies
CreatePlease to create content