Cisco Unity Connection - LDAP to AXL

Jagsuvce G
Level 1

Hi,

We have Unity Connection version 8.6 and it's integrated with LDAP. Now the issue is that the NTLM version on all our Active Directory servers is getting updated/changed to NTLM V2. Currently it's NTLM.

Will Cisco Unity Connection support LDAP NTLM V2 for Active Directory sync?

If not, can I delete the LDAP integration in Unity Connection and immediately configure AXL web?

After configuring AXL web, will the users' mailboxes be safe?

Will this delete the users' voice mailboxes?

Please suggest any workaround for this.

3 Replies

Joseph Martini
Cisco Employee

CUCM and Unity Connection only support NTLMv1 until version 9, so you will likely run into a problem here when making the change. I'll check on the migration options and get back to you.

davrojas
Level 3

Hello jagadish.q,

I know for a fact that NTLM v2 is not supported for SIB (Unified Messaging) and there is a bug for that:

https://tools.cisco.com/bugsearch/bug/CSCub61107

In the System Requirements for CUC, the LDAP section mentions the LDAP directories, but no supported NTLM version is referred to:

Requirements for an LDAP Directory Integration

Table 6: LDAP Directories Supported for Synchronization and Authentication

Microsoft Active Directory 2008 and Active Directory 2008 R2

Microsoft Active Directory 2008 Lightweight Directory Services

Microsoft Active Directory 2003

Microsoft Active Directory Application Mode (Windows Server 2003 and Windows XP Professional)

OpenLDAP 2.3.39 and 2.4

Sun iPlanet Directory Server 5.1 and later

Oracle Directory Server Enterprise Edition 11g (formerly Sun ONE Directory Server)

http://www.cisco.com/en/US/docs/voice_ip_comm/connection/8x/requirements/8xcucsysreqs.html#wp360078

Now I assume your concern with NTLM v2 is because you are planning to use the LDAP Authentication feature; otherwise this should not be an issue.

There is no need to strictly delete the LDAP integration; you can just change the radio button on the users' profiles to "Do not Integrate with LDAP directory", and for this you can use the Bulk Edit button. Doing this change DOES NOT delete the users' voice mailboxes; it will just address the sole purpose of breaking the tie with LDAP for the existing users, but they will not be integrated with CUCM via AXL. Now if you wish to make those users, as well as future users, AXL integrated, you would have to recreate them. You can use the COBRAS utility found on ciscounitytools.com to take a backup of the users' messages, and once you have integrated them via AXL you can restore those messages for the previous LDAP users by overwriting the existing object IDs.

Regards,

davidrojaspeckciscounityconnectionapplianceofthevoicetechnologysolutionofthetwentyfirstcentury

Hi David,

Currently for my CUCM and CUC I have integrated LDAP only for synchronization purposes, i.e. to fetch or create the users easily. Once the sync between AD and CUCM happens, I see the users in CUCM and CUC. In CUCM I just add the controlled device profile and reset the PIN. In CUC I just import the users and reset the PIN.

For IP phone login/voice mail login we won't use Active Directory credentials. Also, we have not configured anything in the LDAP Authentication field in CUCM and CUC (it's blank).

As per you, LDAP sync will work fine if Active Directory is using NTLM V2, and only authentication of the IP phone PIN will not work. Right? As we are not using authentication, this should not be a problem, right?

Hope my understanding is correct. If yes, then there is no need to disintegrate the LDAP config in CUCM and CUC, right?

Regards

Jagadish