I set up a 10.5 cluster that had local users with extensions as UserIDs as LDAP wasn't available at the time of setup. This has been in production for a couple of years without any issues and is currently integrated with WebEx Cloud in a hybrid deployment (WebEx for IM w/ on-prem CUCM/CUC). This all works well, however the client would now like to look at moving to LDAP integration so that they can do a single sign-on to the computer and then not have to authenticate again. I'm looking into the WebEx portion, but would there be a good way to migrate extension 810 that is user 810 to be user JDoe w/ a phone number of 810?
You need to match the userID in CUCM and in LDAP for those users to become LDAP users, read:
There is no pretty way to do this.
To migrate the userIDs, you'd either have to set them by hand - which has the advantage of CUCM 'knowing' which account was being changed to 'what' new userID and that means it would be changed in things like the Owner field on a phone configuration page.
Or... you'd have to use the Bulk Administration Tool to export, modify, and re-import. The problem with the BAT method is that the users would (probably) lose their phone ownership which impacts licensing. If you knew which users were which numbers, you could probably do a second BAT job changing ownership of phones (and feature objects like SNR or EM profiles).
Thanks. It's under 200 phones so not the end of the world if I have to do this manually. Was trying to avoid it, but at 200 phones it would just be a couple of hours' worth of work to get it sorted to match AD, then confirm that AD has all the correct information before the sync.
Yes, in the time you get the BAT jobs under control, you should easily be able to hand-edit 200 End User accounts.
When you are getting your LDAP ready, do you have a plan for your Directory URI field? Will you be using "mail" or "msRTCSIP-primaryuseraddress"?
Also, note that the (usually) telephoneNumber field (the one in LDAP on the General tab) will populate the Telephone Number field in CUCM. If a user dials another user by name, it will be to this DN that CUCM sends the call. It is important that this field either actually match the user's DN, or match a user's Enterprise Alternate Number or something else like that.
Let us know how it goes.
Thanks for the advice. I had planned on using the ipphone field to match the DN so I'd have a little more control and would allow for the users to still have the full DID in their telephone number field in AD.
I had planned to use the mail field.