Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

UCM LDAP Integration with Multiple Forests

I have a customer with 2 domains in 2 separate forests (a 2 way trust exists between the 2 domains).  I have read through the UCM SRND and have not found anything on integration with more that one forest.

Based on what I read & past expierence I have come to the following conclusions:

  1. I can probably syncronize users from both domains without any issues (assuming there are not duplicate usernames)
  2. I will only be able to authenticate users for 1 of the 2 domains.

Has anyone come accross this?

Any suggestions?



Everyone's tags (4)

Re: UCM LDAP Integration with Multiple Forests

New Member

Re: UCM LDAP Integration with Multiple Forests


I am trying to run through this doc and I am getting the following error when trying to create the user-proxy object

C:\Windows\ADAM>ldifde -i -s localhost:389 -c CN=Configuration,DC=X #Configurati
onNamingContext -f MS-UserProxy-Cisco.ldf -j c:\windows\adam\logs
Connecting to "localhost:389"
Logging in as current user using SSPI
Importing directory from file "MS-UserProxy-Cisco.ldf"
Loading entries.
Add error on entry starting on line 10: No Such Attribute
The server side error is: 0x57 The parameter is incorrect.
The extended server error is:
00000057: LdapErr: DSID-0C090C26, comment: Error in attribute conversion operati
on, data 0, v1772
0 entries modified successfully.
An error has occurred in the program

My ldf file is as follows;

# @@UI-Description: AD LDS simple userProxy class.
# This file contains user extensions for default ADAM schema.
# It should be imported with the following command:
#   ldifde -i -f MS-UserProxy.ldf -s server:port -b username domain password -k -j . -c "CN=Schema,CN=Configuration,DC=X" #schemaNamingContext

dn: CN=User-Proxy,CN=Schema,CN=Configuration,DC=X
changetype: ntdsSchemaAdd
objectClass: top
objectClass: classSchema
cn: User-Proxy
subClassOf: top
governsID: 1.2.840.113556.1.5.246
schemaIDGUID:: bxjWYLbzmEiwrWU1r8B2IA==
rDNAttID: cn
showInAdvancedViewOnly: TRUE
adminDisplayName: User-Proxy
adminDescription: Sample class for bind proxy implementation.
objectClassCategory: 1
lDAPDisplayName: userProxy
systemOnly: FALSE
possSuperiors: domainDNS
possSuperiors: organizationalUnit
possSuperiors: container
possSuperiors: organization
defaultHidingValue: TRUE
defaultObjectCategory: CN=User-Proxy,CN=Schema,CN=Configuration,DC=X
systemAuxiliaryClass: msDS-BindProxy
systemMayContain: userPrincipalName
systemMayContain: givenName
systemMayContain: middleName
systemMayContain: sn
systemMayContain: manager
systemMayContain: department
systemMayContain: telephoneNumber
systemMayContain: mail
systemMayContain: title
systemMayContain: homephone
systemMayContain: mobile
systemMayContain: pager
systemMayContain: msDS-UserAccountDisabled
systemMayContain: samAccountName
systemMayContain: employeeNumber

changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1

If I comment out the "systemMayContain: samAccountName" line the import runs fine.

Any ideas?