
CUCM 7.1 and LDAP integration

gear53x11
Level 1

I have all the LDAP configuration set up. However, I let it sync over the weekend and I don't have anything in my end user list. I can't add any AD accounts to any of the current groups, etc. Perhaps I am misunderstanding something? Can someone let me know what they had to do to get AD accounts integrated with CUCM v7.1? I don't have any errors. I am not sure what else to look at. Thanks,


jmunoz19
Level 4

Getting this working the first time can be confusing. You don't have to wait for it to sync overnight; it should sync in a matter of seconds after pressing the "Perform Full Sync Now" button. I'll bet that you have your LDAP User Search Base incorrect, as that was a big stumbling block for me. I strongly suggest downloading an LDAP browser and pointing it at AD. It will tell you the exact LDAP path.

As an example, here's an LDAP path that I used last week setting up a customer's CUCM:

OU=Employees,OU=All User Accounts,DC=corp,DC=COMPANY,DC=org

Thanks! I'll test with an LDAP browser. How can I confirm? Should I see my AD users in the End User link?

Yes, if it works you will definitely see the AD users listed under End Users in CUCM.

Also, you have to make sure that all the users in AD have some entry in their Last Name field, as it is mandatory for CUCM. Any user in AD without a Last Name will not be imported even if your settings are correct!! Hope this helps!

I am not having any luck here. Any additional ideas before I submit a TAC?

I downloaded Softerra LDAP browser and successfully connected to and browsed my AD. Here are the configurations I am using in the LDAP sections of CUCM. These are the same settings I used in the LDAP browser too.

For the LDAP Authentication I have:

LDAP Manager Distinguished Name=
CN=MyLastName\, Matt,OU=01015,OU=Company Corporate,DC=company,DC=CBR,DC=INC

(I am a domain admin. Using my name for testing)

LDAP User Search Base=
OU=01015,OU=Company Corporate,DC=company,DC=CBR,DC=INC

For the LDAP Directory I used the exact same info from the LDAP Authentication.

I don't see anything getting populated in my CUCM end user list.
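An offline pre-check for the two causes raised in the replies above (wrong User Search Base, empty Last Name), as an added example that is not part of the original posts and not CUCM's own sync logic. The function names and the three directory entries are constructed for illustration; the search base and the escaped-comma CN format are the ones quoted in the post.

```python
# Added example: which exported directory entries sit under a search base
# and carry a surname (sn)? Entries below are constructed sample data.

def split_dn(dn):
    """Split a DN into RDNs, keeping backslash escapes such as 'Last\\, First'."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])      # escaped char is not a separator
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
        i += 1
    rdns.append("".join(cur).strip())
    return rdns

def normalize(rdn):
    """Lower-case attribute and value so comparison is case-insensitive."""
    attr, _, value = rdn.partition("=")
    return (attr.strip().lower(), value.strip().lower())

def is_under(dn, base):
    """True if dn is a descendant of base (its trailing RDNs equal base)."""
    d = [normalize(r) for r in split_dn(dn)]
    b = [normalize(r) for r in split_dn(base)]
    return len(d) > len(b) and d[-len(b):] == b

def precheck(entries, base):
    """Return {dn: reason} for entries the thread says would not show up."""
    skipped = {}
    for e in entries:
        if not is_under(e["dn"], base):
            skipped[e["dn"]] = "outside search base"
        elif not e.get("sn", "").strip():
            skipped[e["dn"]] = "empty Last Name (sn)"
    return skipped

BASE = r"OU=01015,OU=Company Corporate,DC=company,DC=CBR,DC=INC"
SUFFIX = ",OU=Company Corporate,DC=company,DC=CBR,DC=INC"
ENTRIES = [  # constructed
    {"dn": r"CN=MyLastName\, Matt,OU=01015" + SUFFIX, "sn": "MyLastName"},
    {"dn": r"CN=svc-scan,OU=01015" + SUFFIX, "sn": ""},
    {"dn": r"CN=Doe\, Jane,OU=02020" + SUFFIX, "sn": "Doe"},
]
```

Calling `precheck(ENTRIES, BASE)` reports the second entry for its empty `sn` and the third for sitting in a different OU; the first passes because the escaped comma inside the CN is not treated as an RDN separator.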

Stupid question: is DirSync service running or not?

Michael

http://htluo.blogspot.com

Hmmm, not a stupid question. It is not activated. I will activate it. Which then makes me think, before I activate it... if this does work, will I still be able to log in with the username/password I have configured? It doesn't get deleted, does it, since it does not exist in AD? Or should I create that account in AD first?

You should create an account under "User Management > Application Users". Application Users are not affected by LDAP sync.

Michael

OK, so I already have my account there that I have been using to manage. I'll enable the DirSync service and see what happens. I am feeling optimistic.

Thanks!

My issues have been resolved. For anyone else who encounters similar issues...here is the strange, unexplained, sequence of events. Although I am sure some of the replies in here also assisted in the resolution as well. Thanks!

It turns out that I had a bad license file from Cisco. I had been dealing with both the license issue and this LDAP issue simultaneously. CUCM could see my sub server, but it would not allow it to be added to a CM group. As I worked with Cisco on that, they determined I was licensed incorrectly. I received a new license file and that issue was resolved. After that, I went to my end user list, and lo and behold my user list was populated with AD accounts. Cisco explained the LDAP issue could not have been related to my license issue. However, it was one of those incidents that was awfully coincidental. Thought I'd share. Now, onto the next issue.