Re: CUCM 7.x & LDAP intergration changes - what happens to data

stuartbedale · ‎03-30-2009

Hello

What happens to End User info stored in CUCM if you change some LDAP settings?

If a CUCM 7.x is integrated with LDAP for searches and authentication, and you decide to change the "LDAP Attribute for User ID" from say sAMAccountName to empolyeeNumber, the CCMAdmin pages display messages that suggest these settings can't be changed unless all the LDAP details are removed.

If you do this, when you break/remove the existing LDAP settings, are all the End User details deleted from CUCM, or just marked inactive (for later deletion), or do they just hang around in Callmanager as if this was to be a stand-alone solution?

Presumably if you re-add all the LDAP settings, accounts will be re-imported from LDAP. What happens if you complete all these tasks while users are logged in, do directory searches and other services start failing.... or should this be done out of hours having forced all End Users to log out?

Thanks.

Ayodeji Okanlawon · ‎03-30-2009

When you delete the LDAP settings, the users are marked inactive and then later deleted after a 24hr period. So yes the users will be eventuall deleted.

Please rate all useful posts

Tommer Catlin · ‎03-30-2009

If the account user name stays the same, nothing will be changed. But what I found out was that I disabled LDAP for some BAT work which means deleted some LDAP entries. I added the entries back into CUCM. I thought it was fine because it was the same settings, etc. But since I did not force a resync, it deleted all my accounts. I think if I were to force a resync after setting it back up the accounts would have stayed. I could not test the theory out, but....

And like the other poster said, if there are mismtatched accounts, it will delete them. For example.... in CUCM there jdoe and in AD it's listed as John.Doe... jdoe is deleted in cucm.

CUCM 7.x & LDAP intergration changes - what happens to data in CUCM?