cancel
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
9986
Views
33
Helpful
15
Replies

CUCM removing LDAP sync?

paultruscott
Level 1
Level 1

Hello,

Is it posible to remove an ldap sync integration on cucm 7.1.5 and move to the local database without losing user information? There have never been local users only the Application users.

I have read the documentation on integration with AD LDAP etc but would like to know if there is a set procedure for removing LDAP sync?

Any info would be great.


2 Accepted Solutions

Accepted Solutions

Rob Huffman
Hall of Fame
Hall of Fame

Hi Paul,

Have a look at this note from the 7.x SRND doc

Note

Once  users are synchronized from LDAP into the Unified CM database, deletion  of a synchronization configuration will cause users that were imported  by that configuration to be marked inactive in the database. Garbage  collection will subsequently remove those users.

From;

http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/srnd/7x/directry.html

Cheers!

Rob

"Hours are like diamonds, don't let them waste
Time waits for no one, no favors has he" 

- Stones

View solution in original post

Paul,

You can conver the users back to standard CUCM users using sql query update...Ths is easy to do

run sql update enduser set status=1

This will then make all the users active again on CUCM

If you have lots of users above 1,000 You may find that you get a memory allocation error using the sql update command

You can run the update in  batches with this command

run sql update enduser set status=1 where telephonenumber like ā€˜2%ā€™

This command will update users with extension beginning with 2

You can then change the number in the telephone number from 0 to 9 to do all users in batches

.

To make sure you got all the users you can use the command

run sql select * from enduser where status=0

This should return zero entry. If you find any user there then use the update command on those users

Please rate all useful posts

"opportunity is a haughty goddess who waste no time with those who are unprepared"

Please rate all useful posts

View solution in original post

15 Replies 15

Aman Soi
VIP Alumni
VIP Alumni

HI,

When LDAP syncronisation is enabled, you cannot create/delete users in CUCM v 7.After u disable LDAP syncrhnosation, u would be able to create local users in CUCM.

I think there is an option in CUCM 9 which allows to do so.Let me ckeck.

regds,

aman

Hi Aman,

Thanks for your reply.

Yes I understand i will be able to create/del users after the removal of the LDAP sync, I was wondering if all the user information that had been synced from the LDAP would stay or will it be removed from CUCM?

Hi,

There is a synchronisation mechanism which runs in call manager which could be set for  a specific time or made to run in hours, days, weeks.

During the syncronisation proceses, all pre-existing accounts are marked as inactive.after the synscronisation is completed, all inactive accounts are permanenetly deleted during the garbage collection process running.

Deletion of  accounts that do not match LDAPdirectory accounts is required  because Cisco Unified CallManager cannot manage accounts while synchronization is configured .


regds,

aman

Hi Aman,

I read that as well from the LDAP docs, but it doen't answer the question i think. That just states the garbage clean up when the cucm is sync'ed. I found the following from another post but I would like some more info on a supported procedure.

I've never disabled an LDAP integration in production, (just my lab) that all the users go into a 'status=2' state and aren't usable. You can run a SQL query to update the users to status=1 in the  enduser table to restore them to active.

Hi ,

I had also checked the SRND and it says that Garbage collection process runs everyday at fixed time of 3:15AM.

Regarding the users going into Inactive state , let me check.

Where do you find the Status as "2" ?

regds,

aman

Hello,

As per my understanding all the End users will remain unchanged when you disable LDAP Integration.

You could export your current End Users from BAT as a Backup.

Thanks

Johns

Info from the docs:

Once users are synchronized from LDAP into the Unified CM database, deletion of a synchronization configuration will cause users that were imported by that configuration to be marked inactive in the database. Garbage collection will subsequently remove those users.

So you can never go back to a local database once sync'ed with LDAP and keep the user data. Really??

Thnx Rob, was just writing this when you posted

Rob Huffman
Hall of Fame
Hall of Fame

Hi Paul,

Have a look at this note from the 7.x SRND doc

Note

Once  users are synchronized from LDAP into the Unified CM database, deletion  of a synchronization configuration will cause users that were imported  by that configuration to be marked inactive in the database. Garbage  collection will subsequently remove those users.

From;

http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/srnd/7x/directry.html

Cheers!

Rob

"Hours are like diamonds, don't let them waste
Time waits for no one, no favors has he" 

- Stones

Hi,

I was referring to LDAP enhancement introduced in CUCM 9

Prior to CUCM 9.0

-Enabling LDAP sync would prohibit adding local users

-End user to be used by CUCM must be defined on AD and synched

-Extra users could trigger extra CALā€™s on the MS AD

CUCM 9.0

-Administrator can have both LDAP sync users and locally defined users

-Ability to modify local users and roles assigned to LDAP users

-Deleting LDAP synch will mark users synced for deletion (garbage collection)

-Administrator can convert an LDAP user to a local user

In User List, u will find Active Local User and Active LDAP Syncronised User.

regds,

aman

Hi Aman,

Great reference notes on these changes my friend! +5

Cheers!

Rob

"Hours are like diamonds, don't let them waste
Time waits for no one, no favors has he" 

- Stones

Yes very nice Aman +5 also.

Thank you for your input guys, much appreciated.

Paul,

You can conver the users back to standard CUCM users using sql query update...Ths is easy to do

run sql update enduser set status=1

This will then make all the users active again on CUCM

If you have lots of users above 1,000 You may find that you get a memory allocation error using the sql update command

You can run the update in  batches with this command

run sql update enduser set status=1 where telephonenumber like ā€˜2%ā€™

This command will update users with extension beginning with 2

You can then change the number in the telephone number from 0 to 9 to do all users in batches

.

To make sure you got all the users you can use the command

run sql select * from enduser where status=0

This should return zero entry. If you find any user there then use the update command on those users

Please rate all useful posts

"opportunity is a haughty goddess who waste no time with those who are unprepared"

Please rate all useful posts

Hi Rob/Paul,

Thanks a lot for recognition.

Gr8 learning from Mr.Aokanlawon.

regds,

aman

Not exactly describing the problem but find it useful: today I needed to add 1000 Local users to my CUCM Integrated LDAP.
I was not able to do it through BAT, so I decided to create the users in LDAP, import them and then convert them to Local users using the following:

run sql ccm update enduser set fkdirectorypluginconfig=NULL where userid like '12121%'

I was not able to find a way to do it in Bulk via BAT.
HTH