Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
606
Views
0
Helpful
2
Replies

Disable LDAP integration

Go to solution
j.huizinga
Level 6
Level 6

‎02-25-2011 01:10 AM - edited ‎03-16-2019 03:38 AM

Hi,

I have a configuration with CM 7.1 and AD integration.

What will happen if I remove the LDAP integration?

Will the users become normal endusers?

Or will they be deleted?

Just wondering.

Thanks,

Jan

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
gmendivi
Cisco Employee
Cisco Employee

‎02-25-2011 01:34 AM

Hello Jan,

When the LDAP sync agreement is removed, all the end users that it pulled in will be marked inactive. Later on, when DirSync garbage collection takes place (normally on a daily basis) then all the inactive users are removed. The passwords are definitely not stored in the CUCM database; only the hashes are stored in AD, and the authentication agreement just attempts a bind to see if the passwords match.

I think you can keep the users from being deleted from CUCM by disabling the DirSync service so that garbage collection doesn't happen. However, there's no way if you disable the authentication agreement for CUCM to have the correct password for those users.

I hope it clarifies your question,

German

View solution in original post

0 Helpful
2 Replies 2

Go to solution
gmendivi
Cisco Employee
Cisco Employee

‎02-25-2011 01:34 AM

Hello Jan,

When the LDAP sync agreement is removed, all the end users that it pulled in will be marked inactive. Later on, when DirSync garbage collection takes place (normally on a daily basis) then all the inactive users are removed. The passwords are definitely not stored in the CUCM database; only the hashes are stored in AD, and the authentication agreement just attempts a bind to see if the passwords match.

I think you can keep the users from being deleted from CUCM by disabling the DirSync service so that garbage collection doesn't happen. However, there's no way if you disable the authentication agreement for CUCM to have the correct password for those users.

I hope it clarifies your question,

German

0 Helpful

Go to solution
j.huizinga
Level 6
Level 6
In response to gmendivi

‎02-25-2011 02:46 AM

Hello German,

Thanks for the clarification.

I just wanted to be sure about this,

Bye,

Jan

0 Helpful
Customers Also Viewed These Support Documents