Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1257
Views
5
Helpful
9
Replies

Help with LDAP filter

Karl Jacobsen
Level 1
Level 1

‎09-13-2012 12:44 PM - edited ‎03-16-2019 01:11 PM

I just enabled the LDAP sync on my CallManager 8.6 server and I'd like to set up a filter to not sync any account that has the telephoneNumber field blank. Would (telephoneNumber! ) be correct?      

Labels:
0 Helpful
9 Replies 9

Chris Deren
Hall of Fame
Hall of Fame

‎09-13-2012 01:30 PM

Here is one that will only bring in users with telephoneNumber that starts with "+" sign or "1", you can adjust it to include other numbers by simply adding clauses for those:

(&(objectclass=user)(!(objectclass=Computer))(|(telephoneNumber=+*)(telephoneNumber=1*)))

HTH,

Chris

Ayodeji Okanlawon
VIP Alumni
VIP Alumni

‎09-13-2012 01:31 PM

Hi,

It should look like this..

(&(objectCategory=person)(objectClass=user)(telephoneNumber=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

Please rate all useful posts

"'Nature is too thin a screen, the glory of the omnipresent God bursts through it everywhere"-Ralph Waldo Emerson

Please rate all useful posts
0 Helpful

Karl Jacobsen
Level 1
Level 1

‎09-14-2012 06:09 AM

Thank you both for the quick replies. Two questions.... First what is the difference between the two filters listed above. Secondly, Chris, our extensions start with either a 1, 3, 5, or 8. How do I account for this?

0 Helpful

Chris Deren
Hall of Fame
Hall of Fame
In response to Karl Jacobsen

‎09-14-2012 06:19 AM

If you look closely they are very similar and both would work, the main difference is that Deji's filter checks if user is inactive in AD. As to the number you can use Deji's method of simple wildcard "*".

HTH,

Chris

0 Helpful

Ayodeji Okanlawon
VIP Alumni
VIP Alumni
In response to Karl Jacobsen

‎09-14-2012 06:23 AM

They are very similar except that one will import all users with telephoneNumber fieldd set to anything and the other will import only users with telephoneNumber starting with either 1 or +

You can use the filter below which uses the wildcard *

(&(objectclass=user)(!(objectclass=Computer))(telephoneNumber=*)(!

(UserAccountControl:1.2.840.113556.1.4.803:=2)))

Please rate all useful posts

"'Nature is too thin a screen, the glory of the omnipresent God bursts through it everywhere"-Ralph Waldo Emerson

Please rate all useful posts
0 Helpful

Karl Jacobsen
Level 1
Level 1

‎09-14-2012 06:33 AM

Thank you both. I'm going to try Deji's filter and see what I get.

0 Helpful

Ayodeji Okanlawon
VIP Alumni
VIP Alumni
In response to Karl Jacobsen

‎09-14-2012 06:34 AM

Ok cool. Lets know how you get on...In the mean time..dont forget to rate all useful posts!

Please rate all useful posts

"'Nature is too thin a screen, the glory of the omnipresent God bursts through it everywhere"-Ralph Waldo Emerson

Please rate all useful posts
0 Helpful

Karl Jacobsen
Level 1
Level 1

‎09-19-2012 05:55 AM

So I asked TAC to look this over and the string they gave me was (&(objectClass=user)(telephoneNumber=*))

I applied it and it seems to be working successfully.

0 Helpful

Ayodeji Okanlawon
VIP Alumni
VIP Alumni
In response to Karl Jacobsen

‎09-19-2012 06:00 AM

Well we already gave you that filter, I guess you feel more comfortable with TAC. But be aware that the filter TAC gave you will import users who are disabled in your AD. I am sure you dont want to import disabled users. You can test it by creating a test user and then disable the user..then perform a fresh ldap sync and I bet they willl appear in cucm

Please rate all useful posts

"'Nature is too thin a screen, the glory of the omnipresent God bursts through it everywhere"-Ralph Waldo Emerson

Please rate all useful posts
0 Helpful
Customers Also Viewed These Support Documents