04-18-2008 10:18 AM - edited 03-15-2019 10:09 AM
When we do an LDAP integration in CUCM 6.x, it grabs everyone, which is fine. I could do separate OUs and just grab those OUs. But is there a way to exclude LDAP entries from the directory sync, or is it basically sync all? (System accounts, or people we do not want listed in the corp directory)
I don't think there is a way. We may have to use a third party or develop our own XML directory.
cheers
04-18-2008 02:24 PM
You are right. There's currently no support for filtering out some users in the chosen search base. As you stated, you would have to control this by restricting access of the LDAP Manager Distinguished Name account to just certain OUs.
Regards,
Michael.
05-29-2008 08:20 AM
I've configured my CCM6.1 for LDAP and I can see all the users in particular OUs in my End user page, but these users are not able to log in to the CCMUSER page (or the CRS Administration page in UCCx).
What rights does the LDAP Manager Distinguished name user need to have in ADS?
Thanks,
Joel
05-29-2008 08:27 AM
The first thing to check is that your AD users are showing up in CUCM. If they are, LDAP syncing is working with the account you are using.
To log in to the CCMUSER page, the user must have certain permissions *within* CUCM applied to them before they can log in. I had this problem once and it drove me crazy. Verify the user you are trying to log in with has the correct permissions on their account in CUCM.
Also, if the password or user name they are using has odd characters or something not standard, this may throw off authentication.
05-29-2008 08:49 AM
I can get the users synced fine.
I added the users to the "Standard CCM End User" user group, which I think is the only thing to do to get an End user to be able to log in to the CCMUSER page.
I think I have a ! in my password, let me reset to a simpler password and see if it would work.
Is there a list of characters not to use?
Thanks,
Joel
05-29-2008 08:56 AM
I can't recall which characters have troubles. I think it's a bug and it's in the bug list.
If you elevate the user to everything in CUCM, can they log in?
05-29-2008 09:02 AM
Tried adding all rights, but still cannot log in.
Thanks for the reply.
05-29-2008 09:03 AM
You will have to check the RTMT log and see what the issue with the login is with the users. I'm not sure why it's not allowing you in.
Unless it is something with the LDAP and how it's binding. Double check your LDAP configuration and make sure everything is correct in CUCM. I believe there is a check box for authentication also.
05-29-2008 09:37 AM
I got it fixed.
The LDAP User search base under - LDAP Authentication must be greater than the User search base under - LDAP Directories.
I had this under LDAP Authentication
CN=users,DC=mickey,DC=org
This under LDAP directories
ou=Network Services, ou=Users, ou=Info Tech, ou=Jacksonville, dc=mickey, dc=org
Since my directories were not under CN=USERS, I had to change my user search base under LDAP Authentication to be
DC=mickey,DC=org
Hope this helps others who are as stupid as me...lol
joel
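Added example (not part of the original thread, and not Cisco code): a pre-change check for the misconfiguration reported above, flagging any LDAP Directories search base that does not sit under the LDAP Authentication search base. The function names are hypothetical and the DN parser is simplified (escaped commas handled, multi-valued RDNs not); the DNs are the ones quoted in the post.

```python
def parse_dn(dn):
    """Split a DN into (attribute, value) pairs, leftmost RDN first.

    Simplified: honours backslash-escaped commas and compares
    case-insensitively (as Active Directory does); no multi-valued RDNs.
    """
    parts, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]  # keep the escaped character with its backslash
            i += 2
            continue
        if dn[i] == ",":
            parts.append(cur)
            cur = ""
        else:
            cur += dn[i]
        i += 1
    parts.append(cur)
    rdns = []
    for part in parts:
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN {part!r} in {dn!r}")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns


def is_within(dn, base):
    """True when dn equals base or sits somewhere beneath it in the tree."""
    dn_rdns, base_rdns = parse_dn(dn), parse_dn(base)
    return len(dn_rdns) >= len(base_rdns) and dn_rdns[-len(base_rdns):] == base_rdns


def uncovered_sync_bases(auth_base, sync_bases):
    """Sync search bases that the authentication search base does not contain."""
    return [b for b in sync_bases if not is_within(b, auth_base)]


# Search base quoted in the thread (LDAP Directories side).
SYNC_BASES = ["ou=Network Services, ou=Users, ou=Info Tech, ou=Jacksonville, dc=mickey, dc=org"]

if __name__ == "__main__":
    # Original authentication base: the sync base is reported as uncovered.
    print(uncovered_sync_bases("CN=users,DC=mickey,DC=org", SYNC_BASES))
    # Corrected authentication base: nothing is reported.
    print(uncovered_sync_bases("DC=mickey,DC=org", SYNC_BASES))
```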
05-29-2008 09:42 AM
Glad you found it!
05-29-2008 12:18 PM
Thanks for posting this, you know you will not be the only one running into this, and you will save the next person a lot of grief!
Mary Beth
05-30-2008 07:32 AM
Guys,
I am not able to add more than 5 LDAP directories in CUCM.
Is this a configurable parameter?
thanks 4 any help.
Joel
05-30-2008 08:35 AM
okay, I painfully found that CUCM supports only "5" LDAP directories.
I have to get the ADS OUs rearranged accordingly....
I'm taking your advice Mary...posting how the issue was resolved...lol