Re: Integrating LDAP in read only (keep CM in DC directory)

jeff.garvas · ‎10-09-2008

Is it possible to integrate CM6.11 with an Active Directory environment for authentication purposes and creating a directory, but with a read only account and keeping the CM configuration in DC directory?

sbilgi · ‎10-15-2008

Yes you can integrate CM6.11 with an Active Directory environment for authentication purposes. The Cisco CallManager uses a Lightweight Directory Access Protocol (LDAP) to store user information (authentication and authorization information) for CallManager applications. This directory (the DC directory) works in conjunction with Cisco CallManager.

jeff.garvas · ‎10-15-2008

But can (and how do you) set it up so that what call manager wants to write into LDAP is done locally in DC directory, and the remote LDAP is used solely for user authentication and creating a corporate dialing directory?

I want to avoid writing into the corporate LDAP directory at all.

James Hawkins · ‎10-15-2008

DC directory no longer exists in CUCM6.x (or 5.x for that matter).

Unlike CM4.x the Linux based versions do not write anything to an external LDAP directory.

They can be configured to import user accounts from an LDAP directory such as AD but it strictly a one way process.

Read the LDAP Directory Integration chapter of the SRND for more details.

http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/srnd/6x/directry.html

jeff.garvas · ‎10-15-2008

Thanks!