LDAP Authentication to multiple domains

abraham23482
Level 1

Hi All,

We have a requirement to integrate our CUCM cluster to a 2nd domain. We were able to add the second one as an additional LDAP directory and import the users. 

The issue is with LDAP authentication. There is no option to add another LDAP authentication config. So users cannot log in to Jabber or use the self service URLs.

I read that SSO or LDAP Proxy are the solutions here but was wondering if there was an easier option without much change to how things work today? 

Can someone lead me to the best possible solution here and documentation to do that? Thank you.

Abraham


Jaime Valencia
Cisco Employee

If those are different forests, there is no way besides using ADAM/LDS.

HTH

java

if this helps, please rate

Thank you Jaime and Chris.

Can you please point me to a URL for the documentation about ADAM/LDS?

Thanks

Abraham

http://www.cisco.com/c/en/us/support/docs/voice-unified-communications/unified-communications-manager-version-80/111979-ucm-multi-forest-00.html

HTH

java

if this helps, please rate

Thank you both. 

Have a wonderful day. 

Abraham

Hi 

We hit another challenge here. We are on version 9.1, and to use ADAM / LDS the document says:

"The number of user accounts to be synchronized must not exceed 60,000 accounts per CUCM Publisher. When more than 60,000 accounts need to be synchronized, the IP Phone Services Software Development Kit (SDK) must be used in order to provide a custom directory. See the Cisco Developer Network for additional details. When you use Unified CM Release 10.0(1) or later, the maximum number of user accounts supported is 160,000."

We are going to be more than 85000. Do you know if there is any workaround for this?

Abraham

I am not aware of a workaround. Do you require all 85K accounts to be brought into CUCM? If not, you can either put in an LDAP filter or point to more explicit search bases.

http://www.cisco.com/c/en/us/support/docs/voice-unified-communications/unified-communications-manager-version-80/111979-ucm-multi-forest-00.html

Chris Deren
Hall of Fame

As Jaime points out, if this is a separate forest your option is LDS. If this is another domain within the same forest, you can simply point the authentication to the root of your forest, i.e. cn=company, cn=com.
