02-01-2010 03:17 PM - edited 03-15-2019 09:16 PM
I have all the LDAP configuration setup. However, I let it sync over the weekend and I dont have anything in my end user list. I can't add any AD accounts to any of the current groups, etc. Perhaps I am misunderstaning something??? Can someone let me know what they had to do to get AD accounts integrated with CUCM v7.1? I dont have any errors. I am not sure what else to look at. Thanks,
02-01-2010 03:31 PM
Getting this working the first time can be confusing. You don't have to wait for it to sync overnight; it should sync in a matter of seconds after pressing the "Perform Full Sync Now" button. I'll bet that you have your LDAP User Search Base incorrect as that was a big stumbling block for me. I strongly suggest downloading a LDAP browser and pointing it at AD. It will tell you the exact LDAP path.
As an example, here's an LDAP path that I used last week setting up a customer's CUCM:
OU=Employees,OU=All User Accounts,DC=corp,DC=COMPANY,DC=org
02-01-2010 03:37 PM
Thanks! I'll test with an LDAP browser. How can I confirm? Should I see my AD users in the End User link?
02-01-2010 07:13 PM
Yes, if it works you will definitely see the AD users listed under End Users in CUCM.
02-02-2010 12:29 AM
Also you have to make sure that all the users in AD
have some entry in their Last Name field, as it is mandatory for CUCM. Any user in AD without Last Name will not be imported even if your settings are correct!! Hope this helps!!!!!
02-02-2010 01:59 PM
I am not having any luck here. Any additonal ideas before I submit a TAC?
I downloaded Softerra LDAP browser and successfully connected to and browsed my AD. Here are the configurations I am using in the LDAP sections of CUCM. These are the same settings I used in the LDAP browser too.
For the LDAP Authentication I have:
LDAP Manager Distinguished Name=
CN=MyLastName\, Matt,OU=01015,OU=Company Corporate,DC=company,DC=CBR,DC=INC
(I am a domain admin. Using my name for testing)
LDAP User Search Base=
OU=01015,OU=Company Corporate,DC=company,DC=CBR,DC=INC
For the LDAP Directory I have I used the exact same info from the LDAPP Authentication.
I dont see anything getting populated in my CUCM end user list.
02-02-2010 02:02 PM
02-02-2010 02:09 PM
Hmmm, not a stupid question. It is not activated. I will activateit. Which then makes me think, before I activate it...if this does work will I still be able to log in with the username/password I have configured. Itd doesnt get deleted does it, since it does not exist in AD? Or, should I created that account in AD first.
02-02-2010 02:18 PM
You should create an account under "User Management > Application Users". Applilcation Users are not affected by LDAP sync.
Michael
02-02-2010 02:23 PM
OK, so I already have my account there that I have been using to manage. I'll enable the DirSync service and see what happens. I am feeling optimistic.
Thanks!
02-04-2010 01:09 PM
My issues have been resolved. For anyone else who encounters similar issues...here is the strange, unexplained, sequence of events. Although I am sure some of the replies in here also assisted in the resolution as well. Thanks!
It turns out that I had a bad license file from Cisco. I had been dealing with both the license issue and this LDAP issue simultaneously. CUCM could see my sub server, but it would not allow it to be added to a CM group. As I worked with Cisco on that, they determined I was licensed incorrectly. I received a new license file and that issue was resolved. After that, I went to my end user list, and low and behold my user list was populated with AD accounts. Cisco explained the LDAP issue could not have been related to my license issue. However, one of those incidences that was awfully coincidental. Thought I'd share. Now, onto the next issue.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide