Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Ldap Auth User ID - Unified Communications Manager

Is it possible to use a different LDAP (AD) Attribute besides the default one for

the  LDAP System Configuration User ID of Cisco Unified Communications Manager?

 

(mail, samaccountname, telephonenumber, upn, employeenumber)

 

We are currently using up all these fields with our existing applications

and now need a different attribute mapped to the user id field.

 

Is that possible? All manuals say no. What is your experience?

 

Thanks,

Mike

1 REPLY
New Member

Hi Mike, I can tell you about

Hi Mike, 

I can tell you about our experience. I work on a Cisco partner and we need to solve that problem and like you say It's not supported directly but we solve this issue on one of our clients making a propietary script.

Cisco support ldap integration with MS LDS (or ADAM) wich acts like a proxy for the MS ADs. We create a replicated database on LDS. So, one DB look at AD and the other look at the CUCM. Then with our script we copied one DB on the other but change one the field. In our case, we took the mail field, strip "@domain.com" and we paste on the employeeNumber field on the second DB. Then we integrated CUCM and LDAP with EmployeeNumber like userID.

Because LDS and AD synchronize using another filed, like GUID or something like that, we can Authenticate without any problem because when an authentication request form CUCM come to LDS db2, it looks the GUID and go directly to AD.

Synchronization:

AD -- (guid) --- [db1 LDS] --script running on MS LDS --- [db2 LDS] -- (employeeNumber) -- CUCM

Authentication:

CUCM -- (employeeNumber) --- [db2 LDS] --- (guid) -- AD

Because CUCM support LDS integration we haven't any problem with TAC support because they only see an LDAP integration with LDS using EmployeeNumber.

The only problem here is you lose the real EmployeeNumber of AD.

I hope this be helpful

Regards

Pablo

PS: Sorry for my english.

95
Views
0
Helpful
1
Replies
CreatePlease to create content