In recent months, we upgraded from CUCM 7.1.5 to 9.1.2. During that process we added CUIM&P and turned on AD synchronization and authorization. Unfortunately, this has imported all users from AD and half of these users don't use CUCM or Jabber.
I have been trying to figure out how to filter out the unwanted users by applying a custom LDAP filter to the LDAP directory profile. The first step was creating the user group CUCM in AD and joining only the users we want to import. I then developed the filter using Softerra LDAP Browser and the ldapsearch command in OpenLDAP. When I execute the ldapsearch command, only the users in the CUCM group are returned. However, when I apply the filter, all the current AD users are changed from active to inactive. I expected that only the AD synched users not in the CUCM group to be changed to inactive and then subsequently removed by the garbage collector.
I think I understand where you are going. Lets take my account for example; teddy.bowen. The DN for my account is 'CN=Teddy Bowen,OU=Engineering,OU=HQ,DC=companyXYZ,DC=com.' If I'm following this correctly, my user account is actually in another OU within OU=HQ. When I look at my CN, it shows that I'm a member of CUCM.
Your suggestion is to change the search base for the directory configuration to 'CN=CUCM,OU=HQ,DC=companyXYZ,DC=com' and import only those users. Correct?
Okay, after trying a lot of different filter combinations, I was able to resolve the problem. It turned out to be a simple syntax error. It seems that ldapsearch command didn't mind the single quotes in the memberOf= portion of the filter but CUCM does. I removed the single quotes and it worked like a charm. I also changed sAMAccountName=* for objectClass=user. Both yielded the same results, I just noticed that some other non-user AD objects had sAMAccountName and wanted to make sure that only users are imported.
SIP traces provide key information in troubleshooting SIP Trunks, SIP
endpoints and other SIP related issues. Even though these traces are in
clear text, these texts can be gibberish unless you understand fully
what they mean. This document attempts to br...
Please find the attached HTML document, download and open it on your PC.
This provides an easy to use form where you simply answer a few
questions and it will render the proper jabber-config.xml file for you
to copy/paste. There is built in logic to verif...
CUCM Database Replication is an area in which Cisco customers and
partners have asked for more in-depth training in being able to properly
assess a replication problem and potentially resolve an issue without
involving TAC. This document discusses the bas...