If an existing cluster is integrated with an existing LDAP directory and that directory becomes unavailable for a prolonged amount of time (time exceeding when the accounts are both deactivated and fully removed), what will ultimately happen to functions that CUCM provides that used that authentication/directory source to be enabled?
e.g. 100 users are logged in with Extension Mobility and do not logout under normal circumstances.
Extension Mobility is authenticated by PIN rather than password so that will continue fine.
Access to things that use password authentication (if this is configured on CUCM) will fail - this would include ccmuser access, UCCX login etc.
The user accounts would stay - they would not be deleted.
If your LDAP failed I think you could disable LDAP authentication and just set local passwords on CUCM which should be an ok workaround - I have never done this but cannot see why it would be a problem.
Also with CUCM 9 you can convert LDAP synced users into local users.
If it goes up to the point you ask:
(time exceeding when the accounts are both deactivated and fully removed)
I DO see a problem here.
The PIN is indeed local to CUCM, but that would only work for the time between when the user is deactivated and garbage disposal mechanism removes it from the DB. (SRND 9 explains this if anyone is interested)
Once the user is gone, so is the PIN, so is any user/device/line/UDP/remote destination/etc association.
Only application users are local to CUCM and have no dependency on LDAP once it's configured, any end user which is synced via LDAP, is either active / inactive and ultimately deleted.
AFAIK the only way to prevent this would be to disable all together the LDAP sync/auth.
If this helps, please rate