Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2246
Views
0
Helpful
8
Replies

CUCM - Disable LDAP - Upgrade

Go to solution
philippe.cousineau
Level 4
Level 4

‎05-27-2013 10:40 AM - edited ‎03-16-2019 05:32 PM

Hi there,

If I have a CUCM integrated with LDAP, I would like to backup this CUCM and do a restore of it off-site at a laboratory where the LDAP server is not available.

To avoid a sync where it loose all the end-user information because the ldap is not reachable, what are the best practices ?

Do we diasable a service, delete the LDAP directory and authentication entry, or do we set the next sync date to a couples of month to avoid the sync.

anyone ?

thanks,                  

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Ayodeji Okanlawon
VIP Alumni
VIP Alumni

‎05-27-2013 12:36 PM

Hi,

  Once users are synchronized from LDAP into the Unified CM database, deletion of a synchronization

configuration will cause users that were imported by that configuration to be marked inactive in the

database. Garbage collection will subsequently remove those users.

Garbage collection is a process that runs automatically at the fixed time of 3:15 AM, and it is not

configurable.

When you disable AD integration, it leaves those users with a status=2 (inactive) value.   what you can do is to run the command below to  make this users active again...

run sql update enduser set status=1

Please rate all useful posts

"opportunity is a haughty goddess who waste no time with those who are unprepared"

Please rate all useful posts

View solution in original post

0 Helpful

Go to solution
Ayodeji Okanlawon
VIP Alumni
VIP Alumni
In response to philippe.cousineau

‎05-29-2013 07:19 AM

Yes..Once you configure your ldap, perform a SYNC and all the users will be imported

Please rate all useful posts

"opportunity is a haughty goddess who waste no time with those who are unprepared"

Please rate all useful posts

View solution in original post

0 Helpful
8 Replies 8

Go to solution
Chris Deren
Hall of Fame
Hall of Fame

‎05-27-2013 12:25 PM

If LDAP server is not available I don't think any users will be purged out, they will stay as they are.

HTH,

Chris

0 Helpful

Go to solution
Ayodeji Okanlawon
VIP Alumni
VIP Alumni

‎05-27-2013 12:36 PM

Hi,

  Once users are synchronized from LDAP into the Unified CM database, deletion of a synchronization

configuration will cause users that were imported by that configuration to be marked inactive in the

database. Garbage collection will subsequently remove those users.

Garbage collection is a process that runs automatically at the fixed time of 3:15 AM, and it is not

configurable.

When you disable AD integration, it leaves those users with a status=2 (inactive) value.   what you can do is to run the command below to  make this users active again...

run sql update enduser set status=1

Please rate all useful posts

"opportunity is a haughty goddess who waste no time with those who are unprepared"

Please rate all useful posts
0 Helpful

Go to solution
philippe.cousineau
Level 4
Level 4
In response to Ayodeji Okanlawon

‎05-29-2013 07:11 AM

Another one...

Let's say, I have a production setup with LDAP integration.

I would like to install a new version in laboratory, the lab don't have the access to the LDAP server.

Is it possible to..

Use the bulk to export the end-user ( with LDAP) from production..

Import the bulk-end-user to the LAB ( with no ldap configure )

Then, when we will go in production we will activate the ldap so the end user password will be populate, etc.

Could it be a possible way ? any other suggestion ?

0 Helpful

Go to solution
Ayodeji Okanlawon
VIP Alumni
VIP Alumni
In response to philippe.cousineau

‎05-29-2013 07:14 AM

No,

You cant do that because once you activate LDAP sync all local users will be marked inactive...user passwords are not populated in CUCM, they stay in ldap and cucm performs authenticatio against LDAP

Please rate all useful posts

"opportunity is a haughty goddess who waste no time with those who are unprepared"

Please rate all useful posts
0 Helpful

Go to solution
philippe.cousineau
Level 4
Level 4
In response to Ayodeji Okanlawon

‎05-29-2013 07:17 AM

So, we really need to import them when the CUCM speak to the ldap i guess?

0 Helpful

Go to solution
Ayodeji Okanlawon
VIP Alumni
VIP Alumni
In response to philippe.cousineau

‎05-29-2013 07:19 AM

Yes..Once you configure your ldap, perform a SYNC and all the users will be imported

Please rate all useful posts

"opportunity is a haughty goddess who waste no time with those who are unprepared"

Please rate all useful posts
0 Helpful

Go to solution
philippe.cousineau
Level 4
Level 4
In response to Ayodeji Okanlawon

‎05-29-2013 12:41 PM

aokanlawon

But..

if :

Production MCS server : Use the bulk to export the end-user ( with LDAP)

Laboratory with no LDAP -  UCS Server  : Import the bulk-end-user to the Laboratory

Laboratory UCS Server: run the : run sql update enduser set status=1

Lets say, this is temporary and we know that the end users will have no password set because it's in AD.

Then, when we will go in production with the UCS, we will activate the ldap on it so the end user in the local data base will be associated with the end-user in LDAP and password will be populate, I guess ?

0 Helpful

Go to solution
Ayodeji Okanlawon
VIP Alumni
VIP Alumni
In response to philippe.cousineau

‎05-29-2013 01:11 PM

No it doesnt work like that. When you activate LDAP..users can only pulled from LDAP. There is no local user populating password etc..You have only LDAP to import your users, except if you are running CUCM9.X where you can also define users locally...

Please rate all useful posts

"opportunity is a haughty goddess who waste no time with those who are unprepared"

Please rate all useful posts
0 Helpful
Customers Also Viewed These Support Documents