Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

How to Ahutenticate CUCM 6.1 with 2 LDAP

Hi: We have CUCM6.1 with LDAP Ahutentication and we are migrating ourdomain, and at present time have end users on both, does someone now how to make CUCM to chek both servers on diferent domains? I have revised several PDF but they say it have to be on a global domain is that the only solution?

1 ACCEPTED SOLUTION

Accepted Solutions
VIP Super Bronze

Re: How to Ahutenticate CUCM 6.1 with 2 LDAP

Are the domains in the same forest?

Do the domains have the same DNS hierarchy (ie. a.domain.local and b.domain.local); or are they, non-contiguous (a.domain.local. and b.fubar.local)?

As long as they are in the same forest you can still authenticate against both domains.

If the DNS heirarchy is not consistent, you'll need to use userPrincipalName as the User ID attribute instead of sAMAccountName. This changes usernames from jdoe to jdoe@a.domain.local. Because the username will now be unique across the different domains, the global catalog servers will know which account UCM is asking to bind with.

This is discussed further in the UCM SRND: http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/srnd/7x/directry.html

Please remember to rate helpful responses and identify helpful or
2 REPLIES
VIP Super Bronze

Re: How to Ahutenticate CUCM 6.1 with 2 LDAP

Are the domains in the same forest?

Do the domains have the same DNS hierarchy (ie. a.domain.local and b.domain.local); or are they, non-contiguous (a.domain.local. and b.fubar.local)?

As long as they are in the same forest you can still authenticate against both domains.

If the DNS heirarchy is not consistent, you'll need to use userPrincipalName as the User ID attribute instead of sAMAccountName. This changes usernames from jdoe to jdoe@a.domain.local. Because the username will now be unique across the different domains, the global catalog servers will know which account UCM is asking to bind with.

This is discussed further in the UCM SRND: http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/srnd/7x/directry.html

Please remember to rate helpful responses and identify helpful or
New Member

Re: How to Ahutenticate CUCM 6.1 with 2 LDAP

Thanks for the answer, Yes they were, and we finally did it puting the ahutentication on a server of higer level who could see both domains

Tks.

153
Views
0
Helpful
2
Replies