Unity Connection 9.1(2) LDAP Integration with AD 2012 in 2008 Mode

jcp408ADP
Level 1

Per the description in the subject line... has anyone else run into problems with LDAP not returning users in similar configurations?

  • I'm aware per the System Requirements for Unity Connection 9.x document that AD 2012 is not listed as a supported LDAP directory. However, AD is in 2008 mode so in theory this should be okay.

http://www.cisco.com/en/US/docs/voice_ip_comm/connection/9x/requirements/9xcucsysreqs.html#wp562632

  • Domain has over 100 users in two major OU groups.  Only one of those OU's is referenced here.
  • Created a unique user in the domain just for Unity Connection and made sure it had the necessary permissions to read the domain users.
  • The LDAP Directory Configuration using the DN and search base was successful...

CUCVM_LDAP_Config.jpg

  • But Import Users from LDAP results in only one user being returned, "Token_User_{guid}", which isn't actually part of the target domain.

CUCVM_Import_Users_from_LDAP.jpg

  • Tried different permutations of search base all the way up to using DCs only to specify the top of the domain... all with the same result.
  • Verified the Unity Connection user permissions by specifying the DN in a third-party LDAP browsing tool. It worked perfectly.

LDAPBrowserScreenshot.jpg

I'm stumped.

Jon P.

2 Replies

jcp408ADP
Level 1

Two updates:

  1. TAC came back and said officially CUCxn 9.x does not support Active Directory 2012 LDAP no matter what the DFL mode is. The BU development team responded to the question of "When?" --> version 10.x.
  2. I spun up an AD 2008 R2 server, joined the domain and promoted it to DC with the intent of using it as a native, compatible, supported AD 2008 LDAP "gateway" just for Unity Connection 9.x to use. Unfortunately nothing changed. Same bogus users being returned.

jcp408ADP
Level 1

The correct solution (with TAC's blessing) was adding the 2008 R2 native server (virtual/minimal), promoting it to be a DC, and then having Connection use that server as an LDAP gateway into Active Directory 2012.

The key thing to be sure this works, especially if you have attempted the native AD 2012 integration previously, is to start the LDAP integration process from scratch:

  1. Delete all LDAP Directory Configurations
  2. Restart the DirSync service (Unified Communications Serviceability)
  3. Perform Sync from within each new LDAP Directory Configuration which references the AD 2008 R2 DC.