ā03-19-2013 06:44 AM - edited ā03-16-2019 04:20 PM
Hello,
Is it posible to remove an ldap sync integration on cucm 7.1.5 and move to the local database without losing user information? There have never been local users only the Application users.
I have read the documentation on integration with AD LDAP etc but would like to know if there is a set procedure for removing LDAP sync?
Any info would be great.
Solved! Go to Solution.
ā03-19-2013 07:43 AM
Hi Paul,
Have a look at this note from the 7.x SRND doc
Note
Once users are synchronized from LDAP into the Unified CM database, deletion of a synchronization configuration will cause users that were imported by that configuration to be marked inactive in the database. Garbage collection will subsequently remove those users.
From;
http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/srnd/7x/directry.html
Cheers!
Rob
"Hours are like diamonds, don't let them waste
Time waits for no one, no favors has he"
- Stones
ā03-19-2013 08:32 AM
Paul,
You can conver the users back to standard CUCM users using sql query update...Ths is easy to do
run sql update enduser set status=1
This will then make all the users active again on CUCM
If you have lots of users above 1,000 You may find that you get a memory allocation error using the sql update command
You can run the update in batches with this command
run sql update enduser set status=1 where telephonenumber like ā2%ā
This command will update users with extension beginning with 2
You can then change the number in the telephone number from 0 to 9 to do all users in batches
.
To make sure you got all the users you can use the command
run sql select * from enduser where status=0
This should return zero entry. If you find any user there then use the update command on those users
Please rate all useful posts
"opportunity is a haughty goddess who waste no time with those who are unprepared"
ā03-19-2013 06:51 AM
HI,
When LDAP syncronisation is enabled, you cannot create/delete users in CUCM v 7.After u disable LDAP syncrhnosation, u would be able to create local users in CUCM.
I think there is an option in CUCM 9 which allows to do so.Let me ckeck.
regds,
aman
ā03-19-2013 06:56 AM
Hi Aman,
Thanks for your reply.
Yes I understand i will be able to create/del users after the removal of the LDAP sync, I was wondering if all the user information that had been synced from the LDAP would stay or will it be removed from CUCM?
ā03-19-2013 07:05 AM
Hi,
There is a synchronisation mechanism which runs in call manager which could be set for a specific time or made to run in hours, days, weeks.
During the syncronisation proceses, all pre-existing accounts are marked as inactive.after the synscronisation is completed, all inactive accounts are permanenetly deleted during the garbage collection process running.
Deletion of accounts that do not match LDAPdirectory accounts is required because Cisco Unified CallManager cannot manage accounts while synchronization is configured .
regds,
aman
ā03-19-2013 07:11 AM
Hi Aman,
I read that as well from the LDAP docs, but it doen't answer the question i think. That just states the garbage clean up when the cucm is sync'ed. I found the following from another post but I would like some more info on a supported procedure.
I've never disabled an LDAP integration in production, (just my lab) that all the users go into a 'status=2' state and aren't usable. You can run a SQL query to update the users to status=1 in the enduser table to restore them to active.
ā03-19-2013 07:25 AM
Hi ,
I had also checked the SRND and it says that Garbage collection process runs everyday at fixed time of 3:15AM.
Regarding the users going into Inactive state , let me check.
Where do you find the Status as "2" ?
regds,
aman
ā03-19-2013 07:32 AM
Hello,
As per my understanding all the End users will remain unchanged when you disable LDAP Integration.
You could export your current End Users from BAT as a Backup.
Thanks
Johns
ā03-19-2013 07:45 AM
Info from the docs:
Once users are synchronized from LDAP into the Unified CM database, deletion of a synchronization configuration will cause users that were imported by that configuration to be marked inactive in the database. Garbage collection will subsequently remove those users.
So you can never go back to a local database once sync'ed with LDAP and keep the user data. Really??
Thnx Rob, was just writing this when you posted
ā03-19-2013 07:43 AM
Hi Paul,
Have a look at this note from the 7.x SRND doc
Note
Once users are synchronized from LDAP into the Unified CM database, deletion of a synchronization configuration will cause users that were imported by that configuration to be marked inactive in the database. Garbage collection will subsequently remove those users.
From;
http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/srnd/7x/directry.html
Cheers!
Rob
"Hours are like diamonds, don't let them waste
Time waits for no one, no favors has he"
- Stones
ā03-19-2013 07:46 AM
Hi,
I was referring to LDAP enhancement introduced in CUCM 9
Prior to CUCM 9.0
-Enabling LDAP sync would prohibit adding local users
-End user to be used by CUCM must be defined on AD and synched
-Extra users could trigger extra CALās on the MS AD
CUCM 9.0
-Administrator can have both LDAP sync users and locally defined users
-Ability to modify local users and roles assigned to LDAP users
-Deleting LDAP synch will mark users synced for deletion (garbage collection)
-Administrator can convert an LDAP user to a local user
In User List, u will find Active Local User and Active LDAP Syncronised User.
regds,
aman
ā03-19-2013 08:21 AM
Hi Aman,
Great reference notes on these changes my friend! +5
Cheers!
Rob
"Hours are like diamonds, don't let them waste
Time waits for no one, no favors has he"
- Stones
ā03-19-2013 08:26 AM
Yes very nice Aman +5 also.
Thank you for your input guys, much appreciated.
ā03-19-2013 08:32 AM
Paul,
You can conver the users back to standard CUCM users using sql query update...Ths is easy to do
run sql update enduser set status=1
This will then make all the users active again on CUCM
If you have lots of users above 1,000 You may find that you get a memory allocation error using the sql update command
You can run the update in batches with this command
run sql update enduser set status=1 where telephonenumber like ā2%ā
This command will update users with extension beginning with 2
You can then change the number in the telephone number from 0 to 9 to do all users in batches
.
To make sure you got all the users you can use the command
run sql select * from enduser where status=0
This should return zero entry. If you find any user there then use the update command on those users
Please rate all useful posts
"opportunity is a haughty goddess who waste no time with those who are unprepared"
ā03-19-2013 08:35 AM
Hi Rob/Paul,
Thanks a lot for recognition.
Gr8 learning from Mr.Aokanlawon.
regds,
aman
ā08-15-2014 04:33 PM
Not exactly describing the problem but find it useful: today I needed to add 1000 Local users to my CUCM Integrated LDAP.
I was not able to do it through BAT, so I decided to create the users in LDAP, import them and then convert them to Local users using the following:
run sql ccm update enduser set fkdirectorypluginconfig=NULL where userid like '12121%'
I was not able to find a way to do it in Bulk via BAT.
HTH
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide