Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2087
Views
0
Helpful
4
Replies

LDAP integration CUCM 11.5 with Extension mobility

Go to solution
jimihendrix1
Level 1
Level 1

‎09-21-2017 03:10 AM - edited ‎03-17-2019 11:12 AM

Hi All,

 

Is there any way that you can use the extension number as the user-id when logging into the phone when using an LDAP integration because users don’t want to type alphabetical letters from the keypad of the phone. When the user accounts from LDAP are synced it populates the user id as the username. Users are complaining that it’s too cumbersome to type their user names they just want to log in using their extension number and the LDAP integration must be kept intact for simplifying admin.

 

Thank you so much!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Slavik Bialik
Level 7
Level 7

‎09-21-2017 04:00 AM

Hi, the only way to do it (at least that I know of), is to configure the LDAP settings to be synced by the "telephoneNumber" field from the Active Directory. That way, all the user names in the CUCM will be their extension. I think it is bad idea, and I wouldn't suggest it to any of my customers. Especially if they have Cisco Jabber, because that means that after this change they'll also have to login to Jabber with their extension and not organizational username.

Also means, that those that don't have extension in the "telephoneNumber" in the Active Directory, won't be synced to CUCM, and they won't able to login to Cisco Jabber to get services like directory and chats.

What I can suggest is maybe use the field named "employeeNumber", there are customers of mine that I know they populating this field with the ID of the person or his employee number in the company, and in the settings that I'm talking about you can choose to sync the user names with the Employee Number, and that way they will login with their employee number, which is more unique and more easy to manage, because if you'll use "telephoneNumber" think of those cases that you'll have switch between users and their extensions, and you'll forget from time to time that you need to do those changes also in the Active Directory (always happens), but if you have a unique ID for each person in the organization that is configured from the start of his employment, it'll be final.

Take under consideration that if you're using Cisco Jabber in the organization, you'll have to do few changes in order for the Cisco Jabber will be able properly work with the change above, because I'm guessing that in their computers they're logging with their user name (sAMAccountName), and if you won't do this change the auto discover process when a person is opening Cisco Jabber won't work and he'll always need to enter his URI and then his username and password.

 

Anyway, I'm talking about this settings (System -> LDAP -> LDAP System), image attached also.

View solution in original post

Preview file
4 KB
0 Helpful
4 Replies 4

Go to solution
Jitender Bhandari
Cisco Employee
Cisco Employee

‎09-21-2017 04:00 AM

Hi,

 

So under LDAP System Settings you would fine below option

 

LDAP System Settings

The following table describes the LDAP system settings.

LDAP System Settings

Field

Description

LDAP System Information

Enable Synchronizing from LDAP Server

To enable synchronization of data from the customer LDAP server, check this check box.

If synchronization with the LDAP server is enabled, the following circumstances occur:

  • You cannot modify end user data, except for the fields (attributes) that are not synchronized from the corporate directory. Example: user PIN. (The administrator can always modify application user data.)
  • You can modify the LDAP Directory information.
  • You can modify LDAP Authentication information.

If synchronization with the LDAP server is not enabled (is disabled):

  • You can modify LDAP Directory information.
  • You can modify LDAP Authentication information.

LDAP Server Type

If synchronization with the LDAP server is currently enabled, you can choose one of the selections in this drop-down list box. Choose the value that corresponds to the customer LDAP server type.

LDAP Attribute for User ID

If synchronization with the LDAP server is enabled, you can choose an LDAP attribute value for the user ID. Choose a value from the drop-down list; the options depend on the LDAP server that you are using.

 

whatever field you choos from the fropdown for "LDAP Attribute for User ID" would be you UcerID in CUCM that you would use to login to EM. So if you choose an option which has only numeric value then your user would not have to type alphabets.

 

(Rate if it helps)

 

JB

0 Helpful

Go to solution
Slavik Bialik
Level 7
Level 7

‎09-21-2017 04:00 AM

Hi, the only way to do it (at least that I know of), is to configure the LDAP settings to be synced by the "telephoneNumber" field from the Active Directory. That way, all the user names in the CUCM will be their extension. I think it is bad idea, and I wouldn't suggest it to any of my customers. Especially if they have Cisco Jabber, because that means that after this change they'll also have to login to Jabber with their extension and not organizational username.

Also means, that those that don't have extension in the "telephoneNumber" in the Active Directory, won't be synced to CUCM, and they won't able to login to Cisco Jabber to get services like directory and chats.

What I can suggest is maybe use the field named "employeeNumber", there are customers of mine that I know they populating this field with the ID of the person or his employee number in the company, and in the settings that I'm talking about you can choose to sync the user names with the Employee Number, and that way they will login with their employee number, which is more unique and more easy to manage, because if you'll use "telephoneNumber" think of those cases that you'll have switch between users and their extensions, and you'll forget from time to time that you need to do those changes also in the Active Directory (always happens), but if you have a unique ID for each person in the organization that is configured from the start of his employment, it'll be final.

Take under consideration that if you're using Cisco Jabber in the organization, you'll have to do few changes in order for the Cisco Jabber will be able properly work with the change above, because I'm guessing that in their computers they're logging with their user name (sAMAccountName), and if you won't do this change the auto discover process when a person is opening Cisco Jabber won't work and he'll always need to enter his URI and then his username and password.

 

Anyway, I'm talking about this settings (System -> LDAP -> LDAP System), image attached also.

Preview file
4 KB
0 Helpful

Go to solution
Manish Gogna
Cisco Employee
Cisco Employee

‎09-21-2017 04:25 AM

Hi Jimi,

It is certainly possible to have the user-id's for EM set up as numeric only, you need to have the "Alphanumeric User ID" service parameter configured accordingly as discussed in the following post

 

https://supportforums.cisco.com/t5/unified-communications/userid-field-for-extension-mobility-user-only-accepting-numbers/td-p/2772890

 

However, your user id's will need to be configured as numeric for this to happen.

 

Manish

- Do rate useful posts -

0 Helpful

Go to solution
jimihendrix1
Level 1
Level 1
In response to Manish Gogna

‎09-29-2017 03:53 AM

Gentlemen I sincerely appoligize for the late replonse, I will be testing all your recomendations next week as I have been waiting for a change control to be approved.

 

Thank you all soooooo much for all your help!

 

Kindest regards,

 

0 Helpful
Customers Also Viewed These Support Documents