LDAP Filter using AXL Toolkit not working

Per previous posts' instructions, I have tried to apply a filter so that if the IP phone field is not populated in AD, a user will not appear in the UCM user directory after sync.  We are trying to get this working in the lab before we apply it in production.  The problem is that after successfully applying the filter, users with no IP Phone are still showing up in UCM Users (I created new users after applying filter with ip phone field populated, then ran sync).


Running UCM 7.1(3).

AD structure for lab: ou=UCM, dc=lab, dc=local

Our sample.xml file in the AXL toolkit directory is below, as is the command I run and a sample response, which completes successfully.  Anyone have any idea why users with the IP phone field blank are showing up in UCM after the filter is applied?

sample.xml

<?xml version="1.0" encoding="UTF-8"?>
<!--DTD generated by XMLSPY v5 rel. 4 U (http://www.xmlspy.com)-->
<!DOCTYPE data [
    <!ELEMENT data (sql+)>
    <!ELEMENT sql EMPTY>
    <!ATTLIST sql
        query CDATA #IMPLIED
        update CDATA #IMPLIED
    >
]>

<data>
<sql update="update ldapfilter set filter ='(&amp;(objectclass=user)(!(objectclass=Computer))(!(UserAccountControl:1.2.840.113556.1.4.803:=2))(|(ipPhone=*)))' where tkldapserver=1"/>
<sql query="select * from ldapfilter where tkldapserver=1"/>
</data>

java -cp .\classes;.\lib\saaj-api.jar;.\lib\saaj-impl.jar;.\lib\mail.jar;.\lib\activation.jar;.\lib\jaxm-api.jar;.\lib\jaxm-runtime.jar;.\lib\xercesImpl.jar;.\lib\xml-apis.jar AxlSqlToolkit -username=Administrator -password=cisco1234 -host=172.16.3.5

---------------------------- update ldapfilter set filter ='(&(objectclass=user)(!(objectclass=Computer))(!(UserAccountControl:1.2.840.113556.1.4.803:=2))(|(ipPhone=*)))' where tkldapserver=1 ----------------------------
<?xml version="1.0" encoding="UTF-8" standalone="no"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Header/><SOAP-ENV:Body><axl:executeSQLUpdateResponse xmlns:axl="http://www.cisco.com/AXL/API/1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" sequence="1270299834064"><return><rowsUpdated>1</rowsUpdated></return></axl:executeSQLUpdateResponse></SOAP-ENV:Body></SOAP-ENV:Envelope>
---------------------------- select * from ldapfilter where tkldapserver=1 ----------------------------
<?xml version="1.0" encoding="UTF-8" standalone="no"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Header/><SOAP-ENV:Body><axl:executeSQLQueryResponse xmlns:axl="http://www.cisco.com/AXL/API/1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" sequence="1270299834907"><return><row><pkid>c8b4c680-ead1-43c0-a264-27da8142c539</pkid><tkldapserver>1</tkldapserver><filter>(&amp;(objectclass=user)(!(objectclass=Computer))(!(UserAccountControl:1.2.840.113556.1.4.803:=2))(|(ipPhone=*)))</filter></row></return></axl:executeSQLQueryResponse></SOAP-ENV:Body></SOAP-ENV:Envelope>

Your help is appreciated.

Re: LDAP Filter using AXL Toolkit not working

Hi

When I did this I found that the change didn't take effect until I restarted the DirSync service; allowing/forcing a resync wasn't enough.

Regards

Aaron


Re: LDAP Filter using AXL Toolkit not working

Aaron is correct (+5 for accuracy and quickness), after you modify the LDAP filter in the database you will need to restart the DirSync service.

Also, I think you may want to adjust your LDAP search query a bit from:

(&(objectclass=user)(!(objectclass=Computer))(!(UserAccountControl:1.2.840.113556.1.4.803:=2))(|(ipPhone=*)))

to:

(&(objectclass=user)(!(objectclass=Computer))(!(UserAccountControl:1.2.840.113556.1.4.803:=2))(ipPhone=*))

You don't need the logical "OR" for the ipPhone attribute.  Another way to read the statement:

    objectclass=user  AND

    NOT objectclass=Computer  AND

    NOT UserAccountControl:1.2.840.113556.1.4.803:=2 AND

    ipPhone=*

HTH.

Regards,

Bill

HTH -Bill (b) http://ucguerrilla.com (t) @ucguerrilla
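Added example (not part of Bill's reply or of the AXL toolkit): a small Python evaluator for the filter syntax used in this thread, run against constructed directory entries to compare the original filter containing `(|(ipPhone=*))` with the simplified one. The user names and attribute values are made up for illustration, and only the filter features that appear in the thread (AND, OR, NOT, equality, presence, the bitwise-AND matching rule) are handled.

```python
import re
BIT_AND = "1.2.840.113556.1.4.803"  # AD bitwise-AND matching rule used in the thread

def parse(f, i=0):  # parse one parenthesised filter at f[i] -> (node, next index)
    if f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i] in "&|!":
        op, kids, i = f[i], [], i + 1
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"bad operand count for '{op}'")
        node = (op, kids)
    else:
        end = f.index(")", i)
        m = re.fullmatch(r"([\w-]+)(?::([\d.]+):)?=(.*)", f[i:end])
        if not m:
            raise ValueError(f"bad filter item {f[i:end]!r}")
        node, i = ("item", *m.groups()), end
    if f[i] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return node, i + 1

def matches(node, entry):  # entry: lower-cased attribute name -> list of string values
    if node[0] in ("&", "|"):
        return (all if node[0] == "&" else any)(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    _, attr, rule, want = node
    values = entry.get(attr.lower(), [])
    if rule == BIT_AND:
        return any((int(v) & int(want)) == int(want) for v in values)
    return bool(values) if want == "*" else any(v.lower() == want.lower() for v in values)

PERSON = ["top", "person", "organizationalPerson", "user"]
USERS = {  # constructed sample entries, not data from the thread
    "alice": {"objectclass": PERSON, "useraccountcontrol": ["512"], "ipphone": ["1001"]},
    "bob": {"objectclass": PERSON, "useraccountcontrol": ["512"]},  # ipPhone not populated
    "carol": {"objectclass": PERSON, "useraccountcontrol": ["514"], "ipphone": ["1003"]},
    "pc01$": {"objectclass": PERSON + ["computer"], "useraccountcontrol": ["4096"], "ipphone": ["1004"]},
}
BASE = "(&(objectclass=user)(!(objectclass=Computer))(!(UserAccountControl:1.2.840.113556.1.4.803:=2))"
ORIGINAL, SIMPLIFIED = BASE + "(|(ipPhone=*)))", BASE + "(ipPhone=*))"

def synced(filter_text):  # names of the constructed users the filter would select
    node = parse(filter_text)[0]
    return sorted(name for name, e in USERS.items() if matches(node, e))
```

`synced(ORIGINAL)` and `synced(SIMPLIFIED)` both return `['alice']`, so a single-operand OR selects the same entries as the bare presence test; without the `ipPhone` clause the filter also selects `bob`.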


Re: LDAP Filter using AXL Toolkit not working

Appreciate the quick response from both.

I have followed the instructions (modified sample.xml per William's syntax, then restarted the dirsync service).  Still not working.  I then tried to use telephonNumber, and that didn't work either.  Now even new users I create in AD with telephone and IP phone fields populated show up in UCM (not do any other new users with field blank).

Can you provide me the syntax I need in sample.xml to remove filters?  Once filters are removed, I'll re-run with only the syntax William suggested, then restart the dirsync service.

Thanks,


Re: LDAP Filter using AXL Toolkit not working

Also, while you were on the subject of LDAP, is there a way to purge users immediately from UCM (once you've removed them in AD)?  I believe the garbage collector (or whatever it's called) only runs every 24 hours, so purged accounts in AD will still show up in UCM for at least 24 hours.

Regards,


Re: LDAP Filter using AXL Toolkit not working

Hi

Not that I'm aware of..

Aaron

Re: LDAP Filter using AXL Toolkit not working

Hi

There is only one filter at a time in the DB; you update the one row with that query you ran.

To reset it run the same thing you did before, but set the filter back to the original one as listed in Bill's article (http://www.netcraftsmen.net/component/content/article/70-unified-communications/742-axl-sql-toolkit-part-3-updating-cucm-dirsync-ldap-filter-by-example.html).

Aaron


Re: LDAP Filter using AXL Toolkit not working

It's working.  Thanks to both.

Great article on AXL Toolkit, Bill.

Regards,

Re: LDAP Filter using AXL Toolkit not working

Glad to hear it's working for you. I am also glad you found the article on the AXL toolkit helpful.

Have a great weekend!

Regards,

Bill

HTH -Bill (b) http://ucguerrilla.com (t) @ucguerrilla
