
Delete users from the old LDAP directory sync

Difan Zhao
Contributor

Happy holidays!

I have a CUCM 11.5 that was set up by the contractors. It had LDAP configured to sync the users. We recently changed the AD structure and I will have to change the search base. Having found that it is not possible, I need to delete and re-add the LDAP directories. It is fine because the system is not fully in production yet.

The problem is that I expected the current users to be gone from the CUCM user DB after I deleted the directory setting. However, that did not happen. Is it normal? I want to have some expert advice as to what I should do before I put the correct LDAP directory setting back in. I want a clean system after it. I worry that when I add the new one some users will double in the DB. Any thoughts?

Thanks,

Difan


Accepted Solutions

Jaime Valencia
Hall of Fame Cisco Employee

Users will not disappear immediately after you delete a sync agreement:

https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/srnd/collab11/collab11/directry.html#pgfId-1045229

HTH

java

if this helps, please rate


“When the garbage collection runs at 3:15 AM on January 2, the record has not yet been inactive for 24 hours.” - I believe that this is my answer. It also looks like, as long as the user ID remains the same, it will only mark the old one active or inactive. It should not create duplicate ones. Either way the old one will go away after a couple of days.

 

Thank you!

The main attribute to match is the surname (last name). The difference in first name won't be considered. You need to make sure that the last name is matched. In this case CUCM will keep the user as active. Else, it will be considered as inactive.

Are you saying that it will also match the surname besides just the user ID? It can't just match the surname... Too many are with the same surname... Thanks

Yes. It will match the surname as well since it's a mandatory attribute.

OK, I think there's some confusion here

 

  • Ensure that the LDAP directory attribute chosen to map into the Unified CM UserID field is unique within all synchronization agreements for that cluster.
  • The attribute chosen as UserID must not be the same as that for any of the Application Users defined in Unified CM.
  • The LDAP attribute sn(lastname) is a mandatory attribute for LDAP Synchronization of users.
  • An existing account in the Unified CM database before synchronization is maintained only if an account imported from the LDAP directory has a matching attribute. The attribute that is matched to the Unified CM UserID is determined by the synchronization agreement.

The sn field in LDAP CANNOT be blank; there must be a value in it, but that is not used to match users. You use whatever field you configured as the userID, and that's why all the values must be UNIQUE.

HTH

java

if this helps, please rate
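
An added example, not part of any reply in this thread and not Cisco's code: a pre-sync check of an LDIF export against the rules quoted in the last reply (unique UserID attribute, no clash with Application Users, non-blank sn, and which existing accounts have a matching import). It assumes sAMAccountName is the attribute mapped to UserID; the sample entries, the application user name and the existing user IDs are constructed.

```python
from collections import Counter

# Constructed sample: an LDIF export of the new search base (not real data).
SAMPLE_LDIF = """\
dn: CN=Alice Wong,OU=Staff,DC=example,DC=com
sAMAccountName: awong
sn: Wong

dn: CN=Adam Wong,OU=Contractors,DC=example,DC=com
sAMAccountName: awong
sn: Wong

dn: CN=Kiosk,OU=Staff,
 DC=example,DC=com
sAMAccountName: kiosk1

dn: CN=App Admin,OU=Service,DC=example,DC=com
sAMAccountName: AppAdmin
sn: Admin
"""

def parse_ldif(text):
    """Parse plain LDIF (no base64 values) into a list of {attr: value} dicts."""
    entries, current = [], {}
    for line in text.splitlines() + [""]:
        if not line.strip():                      # blank line ends an entry
            if current:
                entries.append(current)
            current = {}
        elif line.startswith(" ") and current:    # folded continuation line
            current[next(reversed(current))] += line[1:]
        elif ":" in line and not line.startswith("#"):
            attr, _, value = line.partition(":")
            current[attr.strip().lower()] = value.strip()
    return entries

def presync_check(entries, id_attr, app_users, existing_ids):
    """Check the thread's sync rules for the attribute mapped to UserID."""
    key = id_attr.lower()
    # Assumption: IDs are compared case-insensitively to stay conservative.
    counts = Counter(e[key].lower() for e in entries if e.get(key))
    return {
        "duplicate_ids": sorted(i for i, n in counts.items() if n > 1),
        "app_user_collisions": sorted(set(counts) & {a.lower() for a in app_users}),
        "blank_sn": sorted(e.get("dn", "?") for e in entries if not e.get("sn")),
        "unmatched_existing": sorted({x.lower() for x in existing_ids} - set(counts)),
    }

# Constructed inputs: one application user and two existing end-user IDs.
REPORT = presync_check(parse_ldif(SAMPLE_LDIF), "sAMAccountName",
                       app_users=["appadmin"], existing_ids=["awong", "bsmith"])
```

Any non-empty list in `REPORT` is worth resolving in the directory before the new sync agreement is created; `unmatched_existing` lists the existing accounts for which no imported account has a matching ID.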