09-18-2006 12:56 PM - edited 03-13-2019 03:01 PM
I am trying to remember how to hide users in CD in CM. Referring to this tech note, hiding users is not that of a big deal, but this user gets removed from CD in Callmanager and hence the user doesnt show up in the phone. The disadvantage of this method is that you can modify any user related parameter from the web interface. How can we work around this ? Is there another alternative method ?
http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_tech_note09186a00804d2087.shtml
09-18-2006 01:53 PM
Sankar,
Just wanna make sure I read you right. You want the user hidden from Corporate Directory lookups on the phone but not from User directory lookups/modifications in CCMAdmin. Correct?
Couple options are
1. Use a different LDAP store for Corporate Directory lookup on the phone.
2. Modify the xmldirectorylist.asp or xmldirectoryinput.asp to key on something (like the Description field) and not present any entries retrieved from the query that contain that. I would like to look at this myself. I will put it in the lab and see if I find anything.
Thanks
Fred
09-18-2006 02:51 PM
Fred,
Yes you got it!
Option 1 is not something that is feasible at this time.
I am trying to hide system users like jtapi, rmjtapi, ac etc.
09-18-2006 03:48 PM
There was a post on this with a different work around a while back in this forum. I cant seem to find it.
09-19-2006 05:02 AM
09-19-2006 06:33 AM
Sankar you might want to try the following:
HIDE USERS
****************************************
DC DIRECTORY
You can hide users from beeing visible in the Corporate Directory.
For doing this, you have 2 options:
1) Set the first name to blank and put the whole name in the last name
field. Full Administrator users will not appear in the corporate
directory.
2) To hide a user in DC Directory:
First, cut and paste the following 4 lines into a file called "hideuser.ldif"
text file, and save it in the C: drive of the publisher callmanager server.
dn: cn=[userid],ou=users,o=cisco.com
changeType: modify
replace: Description
Description: CiscoPrivateUser
Set the [userid] to be the user you would like to hide. Example for the
UserID "ctifw":
dn: cn=ctifw,ou=users,o=cisco.com
changeType: modify
replace: Description
Description: CiscoPrivateUser
Next run the following command from a cmd prompt on the publisher callmanager
server in order to set the description field in DC Directory.
ldapmodify -h
Manager,o=cisco.com"
-w
From 3.3 onwards, system users (or special users) are filtered out from the
search results. The users are filtered based on the attribute "Description".
If "Description" is CiscoPrivateUser, the user is not displayed in search
results from Corporate Directory or Users->Global Directory.
******************************************************************
AD DIRECTORY
To hide a user in AD do the following:
* If integrated with AD 2000:
----------------------------------------
dn: cn=[userid], CN=users, dc=[domain], dc=com
changeType: modify
replace: Description
Description: CiscoPrivateUser
Save this file on the AD server as "hideuser.ldif".
Then execute on the AD server:
ldifde -i -f hideuser.ldif
* If integrated with AD 2003:
----------------------------------------
Copy the following 5 lines (please note the '-' after the four lines. In
AD2K3, this is required and has changed from AD2K) into a text file and
replace the [userid] with the userid of the user that needs to be
hidden. Replace the [domain] with your domain. Save this file on the AD
server as "hideuser.ldif".
dn: cn=[userid], CN=users, dc=[domain], dc=com
changeType: modify
replace: Description
Description: CiscoPrivateUser
-
Then execute on the AD server:
ldifde -i -f hideuser.ldif
09-19-2006 06:39 AM
Jorge,
I believe Sankar is trying to achieve phone directory lookup without hiding the users from the CCMAdmin.
Option 1, I tried and the user is still searchable via the phone. Can you explain this better? It's not searchable by first name but is by last name.
Option 2 hides the user in DCD or AD which he is trying to avoid.
Thanks
Fred
03-11-2007 10:00 AM
I used the DC Directory modification instructions, and they worked to hide the user from user queries. My question is, how can this later be undone? Will any "Description" other than "CiscoPrivateUser", effectively bring this user back to user query results?
09-19-2006 06:43 AM
Eric,
This was a good post. I tried what was in this original article with using the @, ! and -, it's definitely a good workaround but technically is still searchable from the phone. The only reason why I state this is this might be a security reason why he doesn't want some accounts to be shown.
Thanks
Fred
09-19-2006 06:56 AM
Jorge,
Fred is right.
I already tried Option 2 with DCD. This hides the user completely from being searchable via web and via phone. I want the user to be searchable via web, but not the phone. I want to be able to modify device associations for these users via web, but at the same time hide them when you search via phone. (For system users like ac, jtapi, rmjtapi etc)
Keen to find out how option 1 works. I tried that but doesnt seem to work.
Thanks..
10-07-2006 10:43 AM
Sankar,
Did you ever get this to work?
Chris
10-07-2006 12:06 PM
Nope,
You can use the ldapmodify command specified in the technote that was posted earlier in the post to hide the user, but then the user is removed from the web config page as well.
10-12-2006 01:31 PM
Shanky, did you ever get your answer to this? I think I have it...I'm working on the same thing. Let me know and I'll post it if needed.
10-12-2006 01:53 PM
I didnt find a sol. yet.
Keeping my ears open!!
10-13-2006 09:32 AM
The way I hide users in the DC Directory is to leave the First Name field blank and on the Last Name field enter first and last name with no spaces. The user is no longer displayed on the phone when doing searches, but I'm still able to search for the user using either first or last name using CCM.
Larry
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: