LDAP Integration with CUCM 9.0

JOHN WILHELM
Level 4

We would like to use LDAP to sync all of our users from Active Directory.  All of our current CM Users are local, the problem is that they have the same user names as our Active Directory users.  From what I understand this is going to be a problem because:

"If accounts from LDAP match an existing Unified CM account that is not marked as an LDAP synchronized account, then these accounts are ignored."

Does that mean we will have to delete all our existing CM users in order to sync the LDAP users correctly?  Is there a best practice for this?  Once we synchronize the LDAP users how do I ensure that the user gets associated with the proper phone?  Or do I have to visit each user individually?

Accepted Solutions

Jaime Valencia
Cisco Employee

I just did a quick test for this, my lab CUCM 9 is already LDAP integrated, but I created a local user, then I created that same local user in my LDAP OU, and performed a full sync.

The user is no longer showing as a local active user, but as an active LDAP synchronized user.

Which was my thought, there's only one conversion, from LDAP to local.

The behavior is just as with any previous release, local users who match an LDAP user after you enable it, are just updated, and kept with all their configurations.

I checked the option to turn it back again into a local user, did a full sync, and it's again an active LDAP user.

HTH

java

if this helps, please rate

www.cisco.com/go/pdihelpdesk

8 Replies

Thanks for the reply.  So just to confirm that I understand your answer correctly, all of the existing local users I already have will automatically be converted to LDAP users as long as the information matches what I have in my LDAP OU?

Correct, as long as whatever you're using as userID matches on LDAP

Sent from Cisco Technical Support iPad App

HTH

java

if this helps, please rate

I enabled LDAP and performed the sync.  It worked great, all the local users whose userid matched AD were converted to Active LDAP Synchronized Users.  The one problem I've run into is that none of the LDAP users can log in to the CM Administration page nor the CM User page. I get a "Log on failed - Invalid User ID or Password" error.  Any idea why that would be happening?

Also, can I expect a similar result with Unity Connection 9.0? Will it convert all the existing users to LDAP Synchronized Users just like Call Manager did? 

Thanks. 

Check your LDAP authentication config for that matter.

HTH

java

if this helps, please rate

www.cisco.com/go/pdihelpdesk

Ah, you are correct.  I had the LDAP User Search Base correct under "LDAP Directory," but not under "LDAP Authentication." It's working now.