Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Hiding users in Corporate Directory

I am trying to remember how to hide users in CD in CM. Referring to this tech note, hiding users is not that of a big deal, but this user gets removed from CD in Callmanager and hence the user doesnt show up in the phone. The disadvantage of this method is that you can modify any user related parameter from the web interface. How can we work around this ? Is there another alternative method ?

http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_tech_note09186a00804d2087.shtml

21 REPLIES

Re: Hiding users in Corporate Directory

Sankar,

Just wanna make sure I read you right. You want the user hidden from Corporate Directory lookups on the phone but not from User directory lookups/modifications in CCMAdmin. Correct?

Couple options are

1. Use a different LDAP store for Corporate Directory lookup on the phone.

2. Modify the xmldirectorylist.asp or xmldirectoryinput.asp to key on something (like the Description field) and not present any entries retrieved from the query that contain that. I would like to look at this myself. I will put it in the lab and see if I find anything.

Thanks

Fred

Re: Hiding users in Corporate Directory

Fred,

Yes you got it!

Option 1 is not something that is feasible at this time.

I am trying to hide system users like jtapi, rmjtapi, ac etc.

Re: Hiding users in Corporate Directory

There was a post on this with a different work around a while back in this forum. I cant seem to find it.

Re: Hiding users in Corporate Directory

Sankar you might want to try the following:

HIDE USERS

****************************************

DC DIRECTORY

You can hide users from beeing visible in the Corporate Directory.

For doing this, you have 2 options:

1) Set the first name to blank and put the whole name in the last name

field. Full Administrator users will not appear in the corporate

directory.

2) To hide a user in DC Directory:

First, cut and paste the following 4 lines into a file called "hideuser.ldif"

text file, and save it in the C: drive of the publisher callmanager server.

dn: cn=[userid],ou=users,o=cisco.com

changeType: modify

replace: Description

Description: CiscoPrivateUser

Set the [userid] to be the user you would like to hide. Example for the

UserID "ctifw":

dn: cn=ctifw,ou=users,o=cisco.com

changeType: modify

replace: Description

Description: CiscoPrivateUser

Next run the following command from a cmd prompt on the publisher callmanager

server in order to set the description field in DC Directory.

ldapmodify -h -p 8404 -D "cn=Directory

Manager,o=cisco.com"

-w -c -f hideuser.ldif

From 3.3 onwards, system users (or special users) are filtered out from the

search results. The users are filtered based on the attribute "Description".

If "Description" is CiscoPrivateUser, the user is not displayed in search

results from Corporate Directory or Users->Global Directory.

******************************************************************

AD DIRECTORY

To hide a user in AD do the following:

* If integrated with AD 2000:

----------------------------------------

dn: cn=[userid], CN=users, dc=[domain], dc=com

changeType: modify

replace: Description

Description: CiscoPrivateUser

Save this file on the AD server as "hideuser.ldif".

Then execute on the AD server:

ldifde -i -f hideuser.ldif

* If integrated with AD 2003:

----------------------------------------

Copy the following 5 lines (please note the '-' after the four lines. In

AD2K3, this is required and has changed from AD2K) into a text file and

replace the [userid] with the userid of the user that needs to be

hidden. Replace the [domain] with your domain. Save this file on the AD

server as "hideuser.ldif".

dn: cn=[userid], CN=users, dc=[domain], dc=com

changeType: modify

replace: Description

Description: CiscoPrivateUser

-

Then execute on the AD server:

ldifde -i -f hideuser.ldif

Re: Hiding users in Corporate Directory

Jorge,

I believe Sankar is trying to achieve phone directory lookup without hiding the users from the CCMAdmin.

Option 1, I tried and the user is still searchable via the phone. Can you explain this better? It's not searchable by first name but is by last name.

Option 2 hides the user in DCD or AD which he is trying to avoid.

Thanks

Fred

New Member

Re: Hiding users in Corporate Directory

I used the DC Directory modification instructions, and they worked to hide the user from user queries. My question is, how can this later be undone? Will any "Description" other than "CiscoPrivateUser", effectively bring this user back to user query results?

Re: Hiding users in Corporate Directory

Eric,

This was a good post. I tried what was in this original article with using the @, ! and -, it's definitely a good workaround but technically is still searchable from the phone. The only reason why I state this is this might be a security reason why he doesn't want some accounts to be shown.

Thanks

Fred

Re: Hiding users in Corporate Directory

Jorge,

Fred is right.

I already tried Option 2 with DCD. This hides the user completely from being searchable via web and via phone. I want the user to be searchable via web, but not the phone. I want to be able to modify device associations for these users via web, but at the same time hide them when you search via phone. (For system users like ac, jtapi, rmjtapi etc)

Keen to find out how option 1 works. I tried that but doesnt seem to work.

Thanks..

Hall of Fame Super Silver

Re: Hiding users in Corporate Directory

Sankar,

Did you ever get this to work?

Chris

Re: Hiding users in Corporate Directory

Nope,

You can use the ldapmodify command specified in the technote that was posted earlier in the post to hide the user, but then the user is removed from the web config page as well.

New Member

Re: Hiding users in Corporate Directory

Shanky, did you ever get your answer to this? I think I have it...I'm working on the same thing. Let me know and I'll post it if needed.

Re: Hiding users in Corporate Directory

I didnt find a sol. yet.

Keeping my ears open!!

Bronze

Re: Hiding users in Corporate Directory

The way I hide users in the DC Directory is to leave the First Name field blank and on the Last Name field enter first and last name with no spaces. The user is no longer displayed on the phone when doing searches, but I'm still able to search for the user using either first or last name using CCM.

Larry

Re: Hiding users in Corporate Directory

Larry,

Didnt think it was that easy..Good deal!! That works.

But if somebody searches using the first name in the last name field in Corp. Directory search windows in the phone, they will be able to pull up the user. Thats the catch, which is ok.

Silver

Re: Hiding users in Corporate Directory

Sankar,

It as actually very simple, just put a { in front of the first and last name, and it will not show up on the phone, but will be shown in ccmadmin. Users will not be able to search using this character on the phone, plus it will not show in a search all, so this should solve your issue I guess ;-)

Example

UserID: caradmin

FirstName: {car

LastName: {admin

Kind regards,

Leo

Re: Hiding users in Corporate Directory

Leo,

Good idea Leo. my 5 cents for you!!

Loy,

You can disable blind search feature from Enterprise parameters. That way you can force them to enter first few characters in last or first name

HTH

Sankar.

Silver

Re: Hiding users in Corporate Directory

actually, the method using the { (as proposed) will not show the users at a blank search either ;-)

That is, I tested it with CallManager 4.0(1) and it did not show while it did with other special characters :-)

Leo

ps. thankx for the rating ;-)

Re: Hiding users in Corporate Directory

Leo,

I tried this on CM 5.0 and doesnt seem to work. The { does show up in Corporate directory on the phone in a blind search.

New Member

Re: Hiding users in Corporate Directory

So, I see what the trick is, just modify the names in a manner that will keep people from entering the search criteria that would match...that works fine, but my "real world" users keep using a blank search field to "test" and see what comes up. This will yield some of those undesireable search results...that is what I was trying to programmatically fix...any ideas how to handle that? I have an idea, but it doesn't seem to be working. Another question is, when I modify the xmldirectorylist.asp, do I need to start/stop a service to clear the cache like you have to do for the TFTP service when you change the ringlist.xml?

Thanks

Silver

Re: Hiding users in Corporate Directory

Loevans,

Try my proposal, it will not show users starting with { in a blank search either :-))

I tested it with CallManager 4.0(1)

Leo

222
Views
31
Helpful
21
Replies
CreatePlease login to create content