
CUCM Migrate from local db accounts to LDAP

jvandermark
Level 1

Hello all,

I was hoping to get some ideas on the best way to do this. We are looking to deploy CUPS and, in doing so, migrate all of our existing local database users over to LDAP-enabled users with their current hard phones, as well as batch in their new soft/Jabber phones. I have seen it is easy to go the other way, but we would really love to leverage the LDAP credentials as part of the rollout. Has anyone done this or have any good ideas on how to best facilitate the task? Perhaps with the BAT utility?

Many thanks in advance!      

1 Accepted Solution

Accepted Solutions

rtrauernicht
Level 1

The best bet would be to update all your UserIDs to match your sAMAccountName in AD. Then set up your LDAP agreement, and all those users who match will sync up to AD without losing any associations.

Thanks,

Ryan


8 Replies 8


Just to confirm I understand... If I take a userID that is currently a local DB account, change it to match their sAMAccountName and force an LDAP sync, the LDAP credentials will take over and all associations will remain?

That is correct. Make sure it is case sensitive.

On the flip side, if you have a UserID that matches a sAMAccountName and you force it to be a local account, the next sync cycle will push it back to AD integrated.  No way to change that behavior.

Thanks,

Ryan

It does not seem to be working that way for me... I forgot to mention we do have a filter in place for just ipPhone.

As a follow-up, here is what I did:

1. Converted a test user's LDAP account back to an active local account.

2. I then deleted this new active local account.

3. I then modified the old active local account userID to case-sensitively match the sAMAccountName of the test user.

4. I forced an LDAP sync.

5. The active local user remained active local and did not become an LDAP-enabled account.

Second Test

1. I converted my LDAP-enabled account to a local active account.

2. I then forced an LDAP sync.

3. My account stayed an active local account and did not re-convert to an LDAP account.

You need to match whatever you're using as the userID in CUCM against the LDAP values.

http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/admin/8_6_1/ccmcfg/b02ldsys.html

As long as you match it, the info from CUCM will be updated and the users will remain.

Then you can configure the LDAP authentication.

If you have a filter, it only affects which users will be synced, not the sync process or how they're matched.

HTH

java

if this helps, please rate

www.cisco.com/go/pdihelpdesk


I completely follow what you both are saying. I am just not sure why it isn't working that way in our environment. This is what we have set for what to sync, and my current local database account userID matches by case my sAMAccountName.

Ha, went back to the "is it plugged in" question and found out the sync wasn't working at all anymore (another hand in the pot fat-fingered a custom mapping). Once it was removed, it works as described above. Thank you gents so much!
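
A pre-sync check for the matching rule discussed in this thread, as an added example that is not part of the original posts and is not Cisco tooling: it compares CUCM local user IDs against AD sAMAccountName values case-sensitively and flags accounts that an ipPhone filter would leave out of the sync. The function name, the input shapes, the sample data and the reading of the filter as "ipPhone is non-empty" are assumptions.

```python
# Added example: reconcile CUCM local user IDs with AD accounts before an LDAP sync.
# Input shapes are assumed; populate them from your own CUCM and AD exports.

def classify_users(cucm_user_ids, ad_entries, required_attr="ipPhone"):
    """Return {user_id: (status, detail)} for every CUCM local user ID.

    ad_entries    -- list of dicts holding 'sAMAccountName' plus other attributes
    required_attr -- attribute the sync filter requires to be non-empty
                     (assumption: the filter in the thread selects on ipPhone)
    """
    exact = {e["sAMAccountName"]: e for e in ad_entries}
    folded = {name.casefold(): name for name in exact}

    report = {}
    for uid in cucm_user_ids:
        entry = exact.get(uid)
        if entry is not None:
            if required_attr and not entry.get(required_attr):
                # Matches by name, but the filter keeps it out of the sync.
                report[uid] = ("filtered_out", f"AD entry has no {required_attr}")
            else:
                report[uid] = ("exact_match", uid)
        elif uid.casefold() in folded:
            # Same letters, different case: rename the CUCM user ID first.
            report[uid] = ("case_mismatch", folded[uid.casefold()])
        elif uid.strip().casefold() in folded:
            # Stray whitespace in the CUCM user ID hides an otherwise valid match.
            report[uid] = ("whitespace", folded[uid.strip().casefold()])
        else:
            report[uid] = ("no_ad_match", "")
    return report


# Constructed sample data, not taken from any real directory.
CUCM_LOCAL_USERS = ["jsmith", "ADoe", "bwayne", "kiosk1", "mlee "]
AD_ENTRIES = [
    {"sAMAccountName": "jsmith", "ipPhone": "1001"},
    {"sAMAccountName": "adoe", "ipPhone": "1002"},
    {"sAMAccountName": "bwayne", "ipPhone": ""},
    {"sAMAccountName": "mlee", "ipPhone": "1004"},
]

if __name__ == "__main__":
    for uid, (status, detail) in classify_users(CUCM_LOCAL_USERS, AD_ENTRIES).items():
        print(f"{uid!r:10} {status:14} {detail}")
```

Accounts reported as `no_ad_match` will stay local after the sync, so they are the ones to review for password policy and ownership.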
