06-18-2012 08:06 AM - edited 03-16-2019 11:43 AM
Hello, colleague!
I am trying to implement an LDAP filter sync between CUCM 8.6 and Microsoft AD (Win2003 Server):
(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2)(ipPhone=*))
This filter gets all users with a nonempty "IP Phone" field.
I checked my filter from AD - the filter works correctly. When I try to point this filter to CUCM LDAP AD, I get the error:
"Error while connecting to LDAP. Invalid filter used."
Could it be required to specify OU and DC in my filter?
Please, help!
06-18-2012 10:17 AM
Hi
Try
(&(objectCategory=person)(objectClass=user)(ipPhone=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
Aaron
06-18-2012 02:07 PM
Thank you, Aaron! Now the filter works properly!
06-18-2012 02:24 PM
Happy to help :-)
Principal Engineer at Logicalis UK
07-18-2012 03:24 PM
Aaron:
I was able to get a filter for the IP Phone field to work fine on CUCM 8.5.1 and AD 2003. Any reason you know of why your filter in this post is not working on my production CUCM 8.5.1 and AD 2008 R2? SRND doesn't say it's NOT supported.
John
07-19-2012 01:01 AM
Hi John
Have you checked that the ipPhone fields are populated?
There's no reason it shouldn't work, I've just tested it now...
Aaron
07-19-2012 07:09 AM
The LDAP sync is pulling in all users—with and without IP Phone number populated. We had about 1000 users in CM prior to the sync and now we have 3000 users after the sync. A spot check of the users shows that we are not filtering out the users without the IP Phone field populated. And I did double check to make sure I added the filter to the sync info! See my screenshots:
07-25-2012 02:08 PM
So after further investigation, I found out that the customer is using AD 2008 R2 64-bit. Not sure if that has anything to do with it, but I finally got the following filter to work properly:
(&(objectclass=user)(&(ipPhone=*))(!(objectclass=Computer))(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))
The difference here versus the original filter format in this thread is the additional "&" in the ipPhone portion of the filter (and the parentheses for the section too).
Hope that is beneficial to someone down the road!
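Added example, not posted by anyone in this thread: a small structural checker for the RFC 4515 filter grammar, in which `!` must be followed by a complete parenthesised filter. It shows why the first filter in the thread is malformed while the later ones parse. The names `check_filter`, `_parse`, `ITEM` and `FilterError` are hypothetical, and this does not reproduce CUCM's own validation or check value escaping.

```python
import re

# One non-compound item: attribute, then either an extensible match
# (optional :dn, optional :matchingRule, ':=') or a simple operator, then a value.
ITEM = re.compile(
    r"[A-Za-z][A-Za-z0-9.;-]*(?:(?::dn)?(?::[A-Za-z0-9.-]+)?:=|[~<>]?=)[^()]*")

# Filters quoted from the thread above.
ORIGINAL = "(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2)(ipPhone=*))"
CORRECTED = "(&(objectCategory=person)(objectClass=user)(ipPhone=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"

class FilterError(ValueError):
    pass

def _parse(s, i):
    """Parse one '(' filtercomp ')' starting at s[i]; return the index after it."""
    if s[i:i + 1] != "(":
        raise FilterError(f"expected '(' at offset {i}")
    i += 1
    if s[i:i + 1] in ("&", "|"):          # and / or: one or more nested filters
        i += 1
        count = 0
        while s[i:i + 1] == "(":
            i = _parse(s, i)
            count += 1
        if count == 0:
            raise FilterError(f"'{s[i - 1]}' needs at least one filter at offset {i}")
    elif s[i:i + 1] == "!":               # not: exactly one nested filter
        if s[i + 1:i + 2] != "(":
            raise FilterError(f"'!' must be followed by a parenthesised filter at offset {i + 1}")
        i = _parse(s, i + 1)
    else:                                 # plain item such as ipPhone=*
        end = s.find(")", i)
        if end == -1 or not ITEM.fullmatch(s[i:end]):
            raise FilterError(f"bad item at offset {i}")
        i = end
    if s[i:i + 1] != ")":
        raise FilterError(f"expected ')' at offset {i}")
    return i + 1

def check_filter(s):
    """Return None when s is structurally well-formed, otherwise the error text."""
    try:
        if _parse(s, 0) != len(s):
            return "trailing characters after filter"
    except FilterError as exc:
        return str(exc)
    return None

if __name__ == "__main__":
    for name, flt in (("original", ORIGINAL), ("corrected", CORRECTED)):
        print(name, "->", check_filter(flt) or "ok")
```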