Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
852
Views
0
Helpful
4
Replies

LDAP Search Base CM7.1.5

Go to solution
balitewiczp
Level 2
Level 2

‎05-09-2012 09:37 AM - edited ‎03-16-2019 11:04 AM

I have multiple OU's under the same parent OU.  I understand child containers are not searched down.  I have 5 search bases, and need to add another OU.   The Number of search bases in CM7.1.5 is limited to 5.            Has this been increased in any newer versions?       Or is there a way to search more than 5 OU's ?

Thanks 

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Jaime Valencia
Cisco Employee
Cisco Employee

‎05-09-2012 10:28 AM

"I understand child containers are not searched down."

That's wrong, unless you're talking about child domains.

To import the data into the Unified CM database,  the system performs a bind to the LDAP directory using the account  specified in the configuration as the LDAP Manager Distinguished Name,  and reading of the database is done with this account. The account must  be available in the LDAP directory for Unified CM to log in, and Cisco  recommends that you create a specific account with permissions to allow  it to read all user objects within the sub-tree that was specified by  the user search base.

It is possible to control the import of accounts  through use of permissions of the LDAP Manager Distinguished Name  account. In this example, if that account is restricted to have read  access to ou=Eng but not to ou=Mktg, then only the accounts located  under Eng will be imported.

http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/srnd/7x/directry.html#wp1045218

And no, the number of ldap syncs you can configure hasn't changed at all.

HTH

java

if this helps, please rate

www.cisco.com/go/pdihelpdesk

HTH

java

if this helps, please rate

View solution in original post

0 Helpful

Go to solution
Jaime Valencia
Cisco Employee
Cisco Employee
In response to balitewiczp

‎05-09-2012 06:04 PM

Yes, that's correct and what we have always done to overcome the 5 sync agreements limit.

HTH

java

if this helps, please rate

www.cisco.com/go/pdihelpdesk

HTH

java

if this helps, please rate

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Jaime Valencia
Cisco Employee
Cisco Employee

‎05-09-2012 10:28 AM

"I understand child containers are not searched down."

That's wrong, unless you're talking about child domains.

To import the data into the Unified CM database,  the system performs a bind to the LDAP directory using the account  specified in the configuration as the LDAP Manager Distinguished Name,  and reading of the database is done with this account. The account must  be available in the LDAP directory for Unified CM to log in, and Cisco  recommends that you create a specific account with permissions to allow  it to read all user objects within the sub-tree that was specified by  the user search base.

It is possible to control the import of accounts  through use of permissions of the LDAP Manager Distinguished Name  account. In this example, if that account is restricted to have read  access to ou=Eng but not to ou=Mktg, then only the accounts located  under Eng will be imported.

http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/srnd/7x/directry.html#wp1045218

And no, the number of ldap syncs you can configure hasn't changed at all.

HTH

java

if this helps, please rate

www.cisco.com/go/pdihelpdesk

HTH

java

if this helps, please rate
0 Helpful

Go to solution
balitewiczp
Level 2
Level 2
In response to Jaime Valencia

‎05-09-2012 01:10 PM

thanks for the quick reply.  I have exactly the situation depicted in the document, figure 17-6.  I have 5 different search bases, all at different OU's under the same root.   I understand from reading that I could use a search base at the root level, and use permissions to control imported users.

" In this example, a single synchronization agreement could have been used to specify the root of the domain,"

Am I thinking this right?

0 Helpful

Go to solution
Jaime Valencia
Cisco Employee
Cisco Employee
In response to balitewiczp

‎05-09-2012 06:04 PM

Yes, that's correct and what we have always done to overcome the 5 sync agreements limit.

HTH

java

if this helps, please rate

www.cisco.com/go/pdihelpdesk

HTH

java

if this helps, please rate
0 Helpful

Go to solution
balitewiczp
Level 2
Level 2
In response to Jaime Valencia

‎05-10-2012 04:37 AM

Yes, this is what I did, and indeed it works as expected.  Thanks again for your fast response and help

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents