Collect the PCAP from CUCM

Igor Gaydarov · ‎03-04-2016

Hi all,

I have an issue with directory synchronization, when CUCM can't obtain any users from AD LDS (multiforest for multidomain deployment).

There are certain fields which are synchronizing from AD servers to LDS, listed below:

sAMAccountName
mail
middleName
manager
telephoneNumber
title
mobile
givenName
sn
department
homephone
pager
displayName

Any other fields are excluded.

LDAP Attribute for User ID on CUCM (version 11, by the way) is mail.

Error logs from RTMT:

2016-03-05 00:24:47,169 ERROR [DSLDAPSyncImpl(c47e8637-81b0-c4e8-a48f-e4bc944f024a)] ldapplugable.DSLDAPSyncImpl (DSLDAPSyncImpl.java:1977) - LDAPSync(c47e8637-81b0-c4e8-a48f-e4bc944f024a)[searchInternalExact] com.sun.jndi.ldap.LdapReferralException: Continuation Reference; remaining name 'dc=msk,dc=phstd'
MESSAGE Continuation Reference
com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreReferrals(LdapNamingEnumeration.java:351)
com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:226)
com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(LdapNamingEnumeration.java:189)
com.cisco.ccm.dir.dirsync.ldapplugable.DSLDAPSyncImpl.searchInternalExact(DSLDAPSyncImpl.java:1958)
com.cisco.ccm.dir.dirsync.ldapplugable.DSLDAPSyncImpl.LDAPFullSync(DSLDAPSyncImpl.java:1308)
com.cisco.ccm.dir.dirsync.ldapplugable.DSLDAPSyncImpl.run(DSLDAPSyncImpl.java:442)

2016-03-05 00:24:47,172 ERROR [DirSync-DBInterface] common.DSDBInterface (DSDBInterface.java:557) - DSDBInterface.updateUserInfo LDAP data discarded: Missing LDAP attribute: Attribute Count=1 AgreementId=c47e8637-81b0-c4e8-a48f-e4bc944f024a
[uniqueidentifier]

So, no users appeared on my CUCM.

I've checked that Last Name field is filled in on ADs and AD LDS database is populated by users from ADs.

Has anyone run into this problem?

Abhay Singh Reyal · ‎03-07-2016

Collect the PCAP from CUCM and LDAP server and see it the Bind request is being sent by CUCM and what does LDAP server responds with in Bind Response.

Check if regular LDAP works fine or not.

Check your configuration as per below link

http://www.cisco.com/c/en/us/support/docs/voice-unified-communications/unified-communications-manager-version-80/111979-ucm-multi-forest-00.html#anc20

Regards

Abhay Reyal

Regards
Abhay Singh Reyal
The Only Way To Do Great Work Is To Love What You Do. If You Haven’t Found It Yet, Keep Looking. Don’t Settle

Anil Sharma · ‎06-18-2018

May I know if u were able to fix it. And how ?

Claudio Costa · ‎08-01-2018

How did you fix this problem?

Anil Sharma · ‎08-01-2018

in my case it was filter issue on CUCM. Once I corrected the filter users got imported successfully.

Claudio Costa · ‎08-02-2018

ohh .. okay guy. It's not it my problem due I'm not using any filter at this moment.

Thanks.

Cláudio Costa

Anil Sharma · ‎08-02-2018

I am not aware of your setup, however if you are using ADLDS usually you map
user object from AD to userproxy object in ADLDS and therefore you have to use the filter on CUCM, default filter will not work in this case.

Claudio Costa · ‎08-02-2018

Hi Anil,

Thank you so much for your information. Do you have this filter you ever use in your environment? It'll be very useful for me.

Best Regards,

Cláudio Costa

Anil Sharma · ‎08-02-2018

Filter I m using is below:

(&(objectClass=userProxy)(userPrincipalName=*)(!(sAMAccountName=*-*)))

Claudio Costa · ‎08-02-2018

Great,

Having in mind is not supported uid when integrating with LDS, I have been using mail to populate the UID on CUCM. Do you use this same attribute from LDS?

Regards.

Cláudio Costa

Anil Sharma · ‎08-02-2018

yes, I also used mail as User ID on CUCM

thanzeels · ‎05-16-2023

Hi.. I am seeing the same error on synchronization. But i am not using any filters in my LDAP Directory.

Kindly advise.

Can't obtain any users from AD LDS (ADAM) to CUCM 11