Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1660
Views
0
Helpful
2
Replies

CUCM 7.1.3 LDAP Filters Problem

Rafael Chavantes
Level 1
Level 1

‎12-21-2010 03:31 AM - edited ‎03-16-2019 02:31 AM

Hello All,

I'm facing some problems on the ldap filters for cucm 7.

What i want to do is apply this filter

(&(objectCategory=person)(objectClass=user)(telephoneNumber=*)(!(userAccountControl:1.2.840.113556.1.4.803:=65536))(!userAccountControl:1.2.840.113556.1.4.803:=2)(!(msExchHideFromAddressLists=TRUE)))

So will filter:

·         Disabled accounts (Don’t want to see users that are disabled)

·         Accounts without e-mail address (users without mail are usually service accounts)

·         Accounts hidden from Exchange GAL (users hidden from GAL is usually some kind of system account)

·         Accounts that has password set to not expire (users with that flag are usually some kind of system account)

ss  Acconts that have the field telephone number blank


I have applied this but did not work, new users were not imported and existing users were flaged as active even though they do not exist on AD.


So move back to the original configuration:

v     admin:run sql select ldap.name, ldf.tkldapserver as type, ldf.filter from ldapfilter as ldf inner join typeldapserver as ldap on ldf.tkldapserver = ldap.enum
name                                        type filter                                                                                       
=========================================== ==== =============================================================================================
Microsoft Active Directory                  1    (&(objectclass=user)(!(objectclass=Computer))(!userAccountControl:1.2.840.113556.1.4.803:=2))
Netscape or Sun ONE LDAP Server             2    (objectclass=inetOrgPerson)                                                                  
OpenLDAP                                    3    (objectclass=inetOrgPerson)                                                                  
Microsoft Active Directory Application Mode 4    (&(objectclass=user)(!(objectclass=Computer))(!(msDS-UserAccountDisabled=TRUE)))             

But the problem persisted so i set up a trace, which give me this as output

   

ERROR [DSLDAPSyncImpl(f3e69f68-8645-2fd3-3321-68fa39717df6)] ldapplugable.DSLDAPSyncImpl (DSLDAPSyncImpl.java:917) -   LDAPSync(f3e69f68-8645-2fd3-3321-68fa39717df6)[LDAPFullSync] javax.naming.directory.InvalidSearchFilterException: Unbalanced parenthesis; remaining name 'OU=Users,OU=Rio,OU=Brazil,OU=Energy Production,DC=NET,DC=FMCTI,DC=COM'

MESSAGE Unbalanced parenthesis

From TAC they said i have changed the filters and the is on that, but the filter is as it original state.

Hope someone has any clue, where the problem can be....

Labels:
0 Helpful
2 Replies 2

testeven
Cisco Employee
Cisco Employee

‎12-21-2010 08:14 AM

Hi,

Please check that your LDAP directory is supported as per the doc below:

http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/srnd/7x/directry.html#wp1044981

Also make sure you are pointint the search base to the specific OU and not the root.

This can also be caused to an issue on the LDAP server side, you might try to double check the config there.

Regards,

Tere Stevens
-----
Cisco Systems
Unified Communications PDI Team
www.cisco.com/go/pdihelpdesk

Regards, Tere. If you find this post helpful, please rate! :)
0 Helpful

Rafael Chavantes
Level 1
Level 1
In response to testeven

‎12-21-2010 08:18 AM

Running on windows Server 2003....

Also pointing to right Ou.

0 Helpful
Customers Also Viewed These Support Documents