Cisco Support Community

Unity Connection 9.1(2) LDAP Integration with AD 2012 in 2008 Mode

Per the description in the subject line... anyone else run into problems with LDAP not returning users in similar configurations?

  • I'm aware per the System Requirements for Unity Connection 9.x document that AD 2012 is not listed as a supported LDAP directory.  However, AD is in 2008 mode so in theory this should be okay.

http://www.cisco.com/en/US/docs/voice_ip_comm/connection/9x/requirements/9xcucsysreqs.html#wp562632

  • Domain has over 100 users in two major OU groups.  Only one of those OU's is referenced here.
  • Created a unique user in the domain just for Unity Connection and made sure it had the necessary permissions to read the domain users.
  • The LDAP Directory Configuration using the DN and search base was successful...

CUCVM_LDAP_Config.jpg

  • But Import Users from LDAP results in only one user being returned, "Token_User_{guid}", which isn't actually part of the target domain.

CUCVM_Import_Users_from_LDAP.jpg

  • Tried different permutations of search base all the way up to using DC's only to specify the top of the domain...all with the same result.
  • Verified the Unity Connection user permissions by specifying the DN in a third party LDAP browsing tool.  It worked perfectly.

LDAPBrowserScreenshot.jpg

I'm stumped.

Jon P.

2 REPLIES
New Member

Unity Connection 9.1(2) LDAP Integration with AD 2012 in 2008 Mo

Two updates:

  1. TAC came back and said officially CUCxn 9.x does not support Active Directory 2012 LDAP no matter what the DFL mode is.   The BU development team responded to the question of "When?" --> version 10.x.
  2. I spun up an AD 2008 R2 server, joined the domain and promoted to DC with intent of using it as a native, compatible, supported AD 2008 LDAP "gateway" just for Unity Connection 9.x to use.   Unfortunately nothing changed.  Same bogus users being returned.
New Member

Unity Connection 9.1(2) LDAP Integration with AD 2012 in 2008 Mo

The correct solution (with TAC's blessing) was adding the 2008 R2 native server (virtual/minimal), promoted to be a DC and then have Connections use that server as an LDAP gateway into Active Directory 2012.

Key things to be sure this works, especially if you have attempted the native AD 2012 integration previously, is to start the LDAP integration process from scratch:

  1. Delete all LDAP Directory Configurations
  2. Restart the DirSync service (Unified Communications Serviceability)
  3. Perform Sync from within each new LDAP Directory Configuration which references the AD 2008 R2 DC.