
CUCM Custom LDAP Filter - DN?

zsmithtek
Level 1

I am trying to create a custom LDAP filter which filters on the Distinguished Name attribute of user accounts. The AD structure, unfortunately, is causing this. I have a top-level OU called 'Users and Groups'. Under this OU are several sub-OUs: "accounting", "HR", etc. I have about 30 OUs underneath "Users and Groups".

One of these OUs needs its own LDAP directory import config from CUCM because I have a different FGT assigned to this import. I have the search base filtered on this OU as the top level. So for example I have my 'main' import which has a search base of DC=Company,DC=Com. Then I have the one for this particular OU, let's call it TEST, which has a search base of "OU=Users and Groups,OU=TEST,DC=Company,DC=com".

 

So my search base filter works for my specific OU, but the 'main' import will also have objects from that OU included as it overlaps.  I want to avoid any potential imports assigning the wrong FGT. I'll end up needing to do this for about 4 or 5 other AD import configs in call manager.

 

I'd rather not create a bunch of security groups and filter off of this. Ideally, I'll filter off the distinguishedName attribute for a user account. I currently have a filter which looks for user account control, ipPhone not being blank and object of user. This works fine. I thought I'd add a (distinguishedName=*TEST*) to my filter but this does not work. If I enter the full DN of my user instead of *TEST* this imports the user. I need to use a wildcard. My thought process is if I can get this to work, then I can substitute the = for a != in my main filter. I'm testing this way so as to avoid other unintentional imports.

Any ideas on how to add a wildcard to the distinguishedName attribute on the filter? I'm not aware of logic that reads "distinguishedName contains...", so I'm using = with wildcards. Basically I just want to say "if distinguished name contains "TEST" then import". I will make my permanent filter on my 'main' import "distinguishedName does not contain "TEST"".

I suppose I could remove read access for the OUs from my import user. But I'm also looking to see if anyone has done a distinguished name filter.

 

Thanks for the help.  
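The behaviour described in the post (the full DN matches, `*TEST*` does not) is consistent with Active Directory not supporting substring wildcards on DN-syntax attributes such as distinguishedName. The following is an added example, not part of the original post and not Cisco code: a small Python lint that flags such items before a filter is pasted into an import config. The function name `lint_filter`, the attribute list and the sample filters are constructed for illustration.

```python
import re

# Active Directory attributes with DN syntax (non-exhaustive; extend for your schema).
DN_SYNTAX_ATTRS = {"distinguishedname", "member", "memberof", "manager", "directreports"}

# One simple filter item: (attr OP value). Extensible-match items such as
# (userAccountControl:1.2.840.113556.1.4.803:=2) contain ':' and are skipped.
ITEM = re.compile(r"\(\s*([A-Za-z][\w;.-]*)\s*(!=|~=|<=|>=|=)([^()]*)\)")


def lint_filter(ldap_filter):
    """Return (item, problem) pairs for items that will not match as the author expects."""
    findings = []
    for attr, op, value in ITEM.findall(ldap_filter):
        item = f"({attr}{op}{value})"
        if op == "!=":
            findings.append((item, "'!=' is not an RFC 4515 operator; "
                                   "negate with (!(attr=value))"))
        # A lone '*' is a presence test and is fine. A literal asterisk is
        # escaped as \2a, so any other raw '*' means a substring match.
        if attr.lower() in DN_SYNTAX_ATTRS and "*" in value and value.strip() != "*":
            findings.append((item, "substring wildcard on a DN-syntax attribute; "
                                   "AD matches these only on the full DN"))
    return findings


# Constructed sample filters modelled on the post's description.
SAMPLE_WILDCARD = ("(&(objectClass=user)(ipPhone=*)"
                   "(!(userAccountControl:1.2.840.113556.1.4.803:=2))"
                   "(distinguishedName=*TEST*))")
SAMPLE_FULL_DN = ("(&(objectClass=user)(distinguishedName="
                  "CN=Jane Doe,OU=Users and Groups,OU=TEST,DC=Company,DC=com))")
SAMPLE_NOT_EQUAL = "(&(objectClass=user)(distinguishedName!=*TEST*))"

if __name__ == "__main__":
    for name, flt in [("wildcard", SAMPLE_WILDCARD),
                      ("full DN", SAMPLE_FULL_DN),
                      ("not-equal", SAMPLE_NOT_EQUAL)]:
        print(name, "->", lint_filter(flt) or "no findings")
```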

 
