CUCM LDAP sync - How to keep local user accounts from becoming LDAP Synchronized Users?

jonathanwalton · ‎08-09-2017

When I convert an "Active LDAP Synchronized User" to a local user account (using the Local using the "Convert LDAP Synchronized User to Local User" checkbox), it works great....until the next scheduled LDAP sync, at which time the account is switched back to it back to an "Active LDAP Synchronized User". Anyway to keep these accounts local?

CUCM v10.5.2.12901-1

Kent Drugge · ‎08-09-2017

I'm going to work backwards, for how this is done on our system. (same CUCM version)

System > Ldap > Ldap Directory - Find button pulls up my Company Users, click that link

Ldap Directory Info window, Ldap Custom Filter = mine is "IP_Phone" <-- remember this.

System > Ldap > Ldap Custom Filter - click link on IP_Phone filter

Ldap Custom Filter Info - Filter* = (member=CM= "AD member permission group" )

In your Active Directory or whatever, users are a member of that group above ^.

Removing that group membership from their account should stop sync'ing them.

It's how mine works :)

jonathanwalton · ‎08-09-2017

Thanks for the reply, and I'm aware I can use filters to work around this issue, but I'm wondering if there is a way to stop the LDAP-Sync'd account from taking precedence over the local account when there is already a local account with the same ID.

Jaime Valencia · ‎08-09-2017

No, there is no way to stop this, if the ID of a local user matches that of an LDAP user, it will become an LDAP active user and that is WAD.

HTH

java

if this helps, please rate