
LDAP Search Base CM7.1.5

balitewiczp
Level 2

I have multiple OUs under the same parent OU. I understand child containers are not searched down. I have 5 search bases, and need to add another OU. The number of search bases in CM7.1.5 is limited to 5. Has this been increased in any newer versions? Or is there a way to search more than 5 OUs?

Thanks 

4 Replies

Jaime Valencia
Cisco Employee

"I understand child containers are not searched down."

That's wrong, unless you're talking about child domains.

To import the data into the Unified CM database, the system performs a bind to the LDAP directory using the account specified in the configuration as the LDAP Manager Distinguished Name, and reading of the database is done with this account. The account must be available in the LDAP directory for Unified CM to log in, and Cisco recommends that you create a specific account with permissions to allow it to read all user objects within the sub-tree that was specified by the user search base.

It is possible to control the import of accounts through use of permissions of the LDAP Manager Distinguished Name account. In this example, if that account is restricted to have read access to ou=Eng but not to ou=Mktg, then only the accounts located under Eng will be imported.

http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/srnd/7x/directry.html#wp1045218

And no, the number of LDAP syncs you can configure hasn't changed at all.

HTH

java

if this helps, please rate

www.cisco.com/go/pdihelpdesk


Thanks for the quick reply. I have exactly the situation depicted in the document, figure 17-6. I have 5 different search bases, all at different OUs under the same root. I understand from reading that I could use a search base at the root level, and use permissions to control imported users.

"In this example, a single synchronization agreement could have been used to specify the root of the domain,"

Am I thinking this right?

Yes, that's correct and what we have always done to overcome the 5 sync agreements limit.

HTH

java

if this helps, please rate

www.cisco.com/go/pdihelpdesk


Yes, this is what I did, and indeed it works as expected. Thanks again for your fast response and help.
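With a single search base at the domain root, the sync account's read permissions are the only thing limiting what gets imported, so it is worth checking what that account can actually see. The following is an added example, not part of the original thread or Cisco's documentation: it takes the LDIF output of a subtree search run while bound as the LDAP Manager Distinguished Name account (for example with a tool such as ldapsearch) and lists every entry that falls outside the intended OUs. The `dc=example,dc=com` suffix, the user names and the function names are constructed for illustration.

```python
import base64
import re

# Constructed sample: LDIF from a root-level subtree search as the sync account.
SAMPLE_LDIF = (
    "dn: CN=Alice Adams,OU=Eng,DC=example,DC=com\n"
    "sAMAccountName: aadams\n\n"
    "dn: cn=Bob Brown,ou=Contractors,ou=Eng,\n dc=example,dc=com\n"  # folded line
    "sAMAccountName: bbrown\n\n"
    "dn:: " + base64.b64encode(b"CN=Carl Cox,OU=Mktg,DC=example,DC=com").decode() + "\n"
    "sAMAccountName: ccox\n"
)
ALLOWED_BASES = ["ou=Eng,dc=example,dc=com"]  # assumption: only Eng should be imported


def normalize(dn):
    """Lowercase a DN and split it into RDNs on unescaped commas."""
    return [rdn.strip().lower() for rdn in re.split(r"(?<!\\),", dn)]


def entry_dns(ldif):
    """Yield each entry's DN, unfolding continuation lines and decoding 'dn::'."""
    unfolded = re.sub(r"\r?\n ", "", ldif)  # LDIF folds long lines with a leading space
    for line in unfolded.splitlines():
        if line.startswith("dn:: "):
            yield base64.b64decode(line[5:]).decode("utf-8")
        elif line.startswith("dn: "):
            yield line[4:]


def outside_allowed(ldif, allowed_bases):
    """Return DNs the bind account can read that sit under none of the allowed bases."""
    bases = [normalize(b) for b in allowed_bases]
    leaks = []
    for dn in entry_dns(ldif):
        rdns = normalize(dn)
        if not any(len(rdns) >= len(b) and rdns[-len(b):] == b for b in bases):
            leaks.append(dn)
    return leaks


if __name__ == "__main__":
    for dn in outside_allowed(SAMPLE_LDIF, ALLOWED_BASES):
        print("readable but not intended for import:", dn)
```

An empty result means the account's read access matches the intended OUs; any DN listed would be imported by a root-level sync agreement.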