Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

LDAP Integration with CUCM 9.0

We would like to use LDAP to sync all of our users from Active Directory.  All of our current CM Users are local, the problem is that they have the same user names as our Active Directory users.  From what I understand this is going to be a problem because:

"If accounts from LDAP match an existing Unified CM account that is not marked as an LDAP synchronized account, then these accounts are ignored."

Does that mean we will have to delete all our existing CM users in order to sync the LDAP users correctly?  Is there a best practice for this?  Once we syncronize the LDAP users how to I ensure that the user gets associated with the proper phone?  Or do I have to visit each user individually? 

Everyone's tags (2)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

LDAP Integration with CUCM 9.0

I just did a quick test for this, my lab CUCM 9 is already LDAP integrated, but I created a local user, then I created that same local user in my LDAP OU, and performed a full sync.

The user is no longer showing as a local active user, but as an active LDAP synchronized user.

Which was my thought, there's only one conversion, from LDAP to local.

The behavior is just as with any previous release, local users who match an LDAP user after you enable it, are just updated, and kept with all their configurations.

I checked the option to turn it back again into a local user, did a full sync, and it's again an active LDAP user.

HTH

java

if this helps, please rate

www.cisco.com/go/pdihelpdesk

HTH

java

if this helps, please rate

www.cisco.com/go/pdi
8 REPLIES
Cisco Employee

LDAP Integration with CUCM 9.0

I just did a quick test for this, my lab CUCM 9 is already LDAP integrated, but I created a local user, then I created that same local user in my LDAP OU, and performed a full sync.

The user is no longer showing as a local active user, but as an active LDAP synchronized user.

Which was my thought, there's only one conversion, from LDAP to local.

The behavior is just as with any previous release, local users who match an LDAP user after you enable it, are just updated, and kept with all their configurations.

I checked the option to turn it back again into a local user, did a full sync, and it's again an active LDAP user.

HTH

java

if this helps, please rate

www.cisco.com/go/pdihelpdesk

HTH

java

if this helps, please rate

www.cisco.com/go/pdi
New Member

LDAP Integration with CUCM 9.0

Thanks for the reply.  So just to confirm that I understand your answer correctly, all of the exisiting local users I already have will automatically be converted to LDAP users as long as the information matches what I have in my LDAP OU? 

Cisco Employee

Re: LDAP Integration with CUCM 9.0

Correct, as long as whatever youre using as userID, matches on LDAP

Sent from Cisco Technical Support iPad App

HTH

java

if this helps, please rate

www.cisco.com/go/pdi
New Member

Re: LDAP Integration with CUCM 9.0

I enabled LDAP and performed the sync.  It worked great, all the local users whose userid matched AD where converted to Active LDAP Synchronized Users.  The one problem I've ran into is that none of the LDAP users can login to the CM Administration page nor the CM User page. I get a "Log on failed - Invalid User ID or Password" error.  Any idea why that would be happening? 

Also, can I expect a similar result with Unity Connection 9.0? Will it convert all the existing users to LDAP Synchronized Users just like Call Manager did? 

Thanks. 

Cisco Employee

Re: LDAP Integration with CUCM 9.0

Check your LDAP authentication config for that matter.

HTH

java

if this helps, please rate

www.cisco.com/go/pdihelpdesk

HTH

java

if this helps, please rate

www.cisco.com/go/pdi
New Member

Re: LDAP Integration with CUCM 9.0

Ah, You are correct.  I had the LDAP User Search Base correct under "LDAP Directory," but not under "LDAP Authentication." It's working now. 

New Member

Hi Java,How about the Local

 

 

VIP Purple
1146
Views
5
Helpful
8
Replies
CreatePlease login to create content