12-16-2011 04:30 AM - edited 03-16-2019 08:34 AM
We have an 8.5.1 SU2 CUCM system and are doing some testing offline prior to moving the production system to an AD sync.
If the synced users have the same names in CUCM and AD then they will be matched and work fine. User names that exist in the CUCM (e.g. user names spelt wrong or without an AD account) but not in AD will be marked inactive and then for deletion; after the garbage collection time these users will disappear completely. This is what I would expect.
If we then decide to turn off the CUCM AD sync (say 10 mins later, to roll back for whatever reason) and delete the sync configuration, I would expect the AD synced users to be marked for deletion and the users that were marked inactive and marked for deletion to be active again as before.
This does not seem to be the case. The original users that were marked for deletion are still there and look active, and all the config to associate to EM profiles etc. seems to be in the config, but the users are locked out as if they didn't exist. Even if you reset the password for the user or update the data - that user is now dead and unusable. We have also tried a total reboot of the cluster thinking something could be stuck but that didn't help.
So the questions are
Any help or ideas would be appreciated
Thanks
12-16-2011 06:44 AM
Did you configure both LDAP Sync and LDAP Authentication?
When you said "the users are locked out as if they didn't exist", what exactly did you mean?
If they cannot log into CCMUser page, you may take a look at Tomcat Security log.
Michael
12-19-2011 01:48 AM
Hi, thanks for the reply,
It was just Sync configured to start with, but it will be authentication later.
Users were configured pre sync, e.g. "richardp", and they could log in to the CCM end user page, log into extension mobility, and log in with CUCiLync. We then synced and the user "richardp" was marked for deletion, as there was no "richardp" in the AD, and inactive. After the sync was taken away 10 mins later I would have expected that user "richardp" to work again as before but it didn't. Could not log in to EM, CCM user page or CUCiLync.
When you check the End user page on CUCM the user "richardp" is there, not marked as inactive, and looks ok to use. You go in the config for the user and you see all the EM association, CCM groups etc. but still the user can't log into anything. Even if you reset passwords and reboot the cluster that user can't be used.
This happens for every user that was in the database pre sync when you try and roll back the sync.
Very strange.