03-26-2015 03:52 AM
Hi
What's the meaning of LdapType.Unknown in a FullUser? The name seems to suggest something undefinied - which I'm sure it isn't.
In fact, looking at the wiki, 3 isn't even a valid valid for LdapType: http://docwiki.cisco.com/wiki/Cisco_Unity_Connection_Provisioning_Interface_(CUPI)_API_--_User_API, so I'd expect my mailboxes to return 1. Users without ldap sync properly return LdapType.None (0), and if I have a user whose ldap integration is inactive, it properly returns LdapType.Inactive (1).
I haven't checked the source yet, but something is off. Could it be that it's a binary add, so if a user that does authentication and is integrated, we have 0x01 & 0x10 = 0x10 and thus it's merely the "Unknown" that has me confused and it really means "the user is active and also does ldap authentication"
03-27-2015 08:45 AM
0,1,2,4 and the only legal values but there was a data dictionary floating around at one point that had 3 (combo of 1 and 2) for synch and authenticate - I don't think that ever saw the light of day as a concept so I just left 3 defined and put it as unknown.
03-29-2015 11:41 PM
But why are all my users that are synced and can authenticate the value 3? That seems to suggest that this value is alive and kicking. Unknown just really threw me given that everything is fine and proper with those users.
04-07-2015 10:53 AM
Looking at the data dictionary for 10.5.2 (included in CUDLI if you're interested) the LdapType has this entry:
Type Name: LdapType
Description: LDAP configuration information for a user.
Values:
Value: 0
Name: None
Description: User does not have LDAP enabled.
Value: 1
Name: Sync
Description: LDAP synchronization enabled.
Value: 2
Name: Authenticate
Description: LDAP authentication enabled.
Value: 4
Name: Inactive
Description: LDAP is enabled but temporarily inactive for the user.
=============
So 3 is a combination of 1 and 2 (bit flag field) - hence no entry for 3 explicitly. I pull most of the descriptions right from the data dictionary, hence the 3 not being explicitly called out.
04-08-2015 12:07 AM
So my suspicions were correct (I didn't bother checking CUDLI though as you know I've been horsing around with it a bit )
Shouldn't the enum then maybe be renamed to something like AuthenticationAndSync so that it is more descriptive (given that there's no official name something has to be made up). The name of the value 3 first threw me and I suppose I'm no the only one.
06-08-2022 01:51 PM - edited 06-08-2022 01:58 PM
I ran across this thread while attempting to extract data from a Unity Connection system via the CUPI API and I stumbled on the LdapType=3 instance. Like others in this thread I referenced the latest CUPI API documentation for an indication of what 3 actually means, and found no reference to 3. In my original setup, my users were LDAP integrated and authenticated. It did appear as if 3 is implied to be the sum of flags of 1(LDAP sync enabled) and 2(LDAP auth enabled) as others have pointed out, however when I disabled the authentication option and ran the API data pull a second time, the LdapType remained at 3 for LDAP-integrated users, with authentication disabled. I tried restarting dirsync and deleting my LDAP integration and re-adding it (with LDAP authentication turned off) and LdapType status for LDAP users remains at 3. Not sure what this means, meaning I guess it could be multiple possibilities for LdapType=3:
a) the LdapType update is sticky and stays at 3 for instances where authentication is currently or previously enabled at any time in the past
b) 3 is the new 1
c) I discovered a new Cisco bug with Unity Connection
d) Having authentication enabled, then later unchecking "Use LDAP Authentication for End Users" requires a cluster-wide reboot before LdapType is updated. This isn't documented anywhere in the notes I could find online so if this is the case, I'm chalking this up to possibility c, above.
If anyone else can explain this anomaly, I would be interested in their experience with the CUPI API on this variable.
In the meantime, I just added 3 to my if/then logic to note the user as "LDAP Integrated" when LdapType values 1 or 3 are present.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide