Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1742
Views
15
Helpful
7
Replies

Convert from Local to LDAP Users

mumbles202
Level 5
Level 5

‎04-01-2019 09:04 AM

I setup a 10.5 cluster that had local users with extensions as UserIDs as LDAP wasn't available at the time of setup.  This has been in production for a couple of years without any issues and is currently integrated with WebEx Cloud in a hybrid deployment (WebEx for IM w/ on-prem CUCM/CUC).  This all works well, however the client would now like to look at moving to LDAP integration so that they can do a single sign-on to the computer and then not have to authenticate again.  I'm looking into the WebEx portion, but would there be a good way to migrate extension 810 that is user 810 to be user JDoe w/ a phone number of 810?  

Labels:
0 Helpful
7 Replies 7

Jaime Valencia
Cisco Employee
Cisco Employee

‎04-01-2019 09:10 AM

You need to match the userID in CUCM and in LDAP for those users to become LDAP users, read:

https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/srnd/collab10/collab10/directry.html

HTH

java

if this helps, please rate

Maren Mahoney
VIP
VIP

‎04-01-2019 10:30 AM

There is no pretty way to do this.

 

To migrate the userIDs, you'd either have to set them by hand - which has the advantage of CUCM 'knowing' which account was being changed to 'what' new userID and that means it would be change in things like the Owner field on a phone configuration page.

 

Or... you'd have to use the Bulk Administration Tool to export, modify, and re-import. The problem with the BAT method is that the users would (probably) lose their phone ownership which impacts licensing. If you knew which users were which numbers, you could probably do a second BAT job changing ownership of phones (and feature objects like SNR or EM profiles).

 

Maren

mumbles202
Level 5
Level 5
In response to Maren Mahoney

‎04-01-2019 11:05 AM

Thanks. It's under 200 phones so not the end of the world if i have to do this manually.  Was trying to avoid it, but at 200 phones it would just be a couple of hours worth of work to get it sorted to match AD, then confirm that AD has all the correct information before the sync.

0 Helpful

Maren Mahoney
VIP
VIP
In response to mumbles202

‎04-01-2019 12:01 PM

Yes, in the time you get the BAT jobs under control, you should easily be able to hand-edit 200 End User accounts.

When you are getting your LDAP ready, do you have a plan for your Directory URI field? Will you be using "mail" or "msRTCSIP-primaryuseraddress"?

 

Unsolicited Advice:

Also, note that the (usually) telephoneNumber field (the one in LDAP on the General tab) will populate the Telephone Number field in CUCM. If a user dials another user by name, it will be to this DN that CUCM sends the call. It is important that this field either actually match the user's DN, or matches a user's Enterprise Alternate Number or something else like that.

 

Let us know how it goes.

Maren

mumbles202
Level 5
Level 5
In response to Maren Mahoney

‎04-01-2019 01:51 PM

Thanks for the advise.  I had planned using the ipphone field to match the DN so I'd have a little more control and would allow for the users to still have the full DID in their telephone number field in AD.  

 

i had planned to use the mail field.  

0 Helpful

Adam Pawlowski
VIP Alumni
VIP Alumni

‎04-03-2019 02:14 AM

You can do this with AXL and specify a new userID to effectively “rename” the record.

Works just fine to do that and then sync. If you already sync users then you have to remove them as the userID cannot overlap.
0 Helpful

mumbles202
Level 5
Level 5
In response to Adam Pawlowski

‎04-04-2019 03:50 AM

Interesting. I'll have to look up how to do that.

0 Helpful
Customers Also Viewed These Support Documents