LDAP Sync Issue CUCM 8.6

kknuckles
Level 1

I am having a problem with LDAP sync and I cannot figure it out. I'll try to explain as briefly as possible.

CUCM 8.6

MS AD 2008

LDAP Sync is filtering against the ipPhone field.

I have had some users change position/role within the organization or have left the organization. For those that changed position/role I have removed their phone information from the telephone and ipphone sections on their user account. For those who left, I deleted their account from AD. I then sync'd LDAP and it marked them inactive in CUCM.

Here's where it gets odd. For the users who left, most of their replacements are brand new users. These users sync up with no problem when I add them and their phone info to AD. For the users who changed roles, their replacements are users who have been here a while. When I put the phone information in the replacement user's AD account, and then do a sync, it doesn't pull the user into CUCM. I have removed the phone information and sync'd AD, then sync'd CUCM with AD; then put the info back in and sync'd AD then sync'd CUCM and still nothing.

I'm at a loss now.

Any ideas or thoughts out there?

Thanks,

Kevin

3 Replies

Hi,

- Please confirm that your new users are placed in AD inside the OU where your CUCM search base is configured.

- Make sure that you don't have overlapping users (depends on what attribute you are using).

- In case CUCM is clustered, make sure that DB replication is working fine.

If all above didn't fix the problem, share your traces during ldap sync.

Sent from Cisco Technical Support iPhone App

They are inside an appropriate OU that is covered by the search base. No overlaps. I've caught myself triple checking that aspect every day.

DB Replication shows that it's working.

Where can I find the traces?

I figured it out! I realized after I posted earlier that I needed to use the RTMT for the traces. Wasn't thinking. It showed my problem.

My original users were put in by hand so ALL LDAP attributes we were looking for were put in. These were people who were here during our original AD conversion from Novell. When I created my other users, 541 to be exact, I had mass uploaded them and it didn't fill in GivenName and Surname attributes. When the RTMT showed they were missing LDAP attributes, it finally hit me. I went and plugged in their GivenName and Surname attributes and then did another import. It worked! Thanks for pointing me in the right direction!

Thanks again!
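
The check that resolved this thread, written out as an added example (it is not part of the original posts and is not Cisco or Microsoft code): it reads a directory export and lists every account that matches the `ipPhone` sync filter but lacks the `givenName` or `sn` attribute. The LDIF export format, the function names and the sample entries are assumptions made for the illustration.

```python
import base64
import re

REQUIRED = ("givenname", "sn")  # attributes the thread found missing
FILTER_ATTR = "ipphone"         # attribute the poster's sync filters on

# Constructed sample export (LDIF format assumed); not data from the thread.
SAMPLE_LDIF = """\
dn: CN=Alice Example,OU=Staff,DC=example,DC=test
givenName: Alice
sn: Example
ipPhone: 5551001

dn: CN=bulk01,OU=Staff,DC=example,DC=test
ipPhone: 5551002

dn: CN=Zoe Folded,OU=Staff,
 DC=example,DC=test
givenName:: Wm/Dqw==
ipPhone: 5551003

dn: CN=nophone,OU=Staff,DC=example,DC=test
givenName: No
"""

def parse_ldif(text):
    """Return one {lowercased attribute: [values]} dict per LDIF entry."""
    text = re.sub(r"\r?\n ", "", text)     # unfold continuation lines
    entries, current = [], {}
    for line in text.splitlines() + [""]:  # trailing blank flushes last entry
        name, sep, value = line.partition(":")
        if not line.strip():               # blank line ends the entry
            if current:
                entries.append(current)
            current = {}
        elif sep and not line.startswith("#"):
            if value.startswith(":"):      # "attr:: <base64>" is encoded text
                value = base64.b64decode(value[1:]).decode("utf-8", "replace")
            current.setdefault(name.strip().lower(), []).append(value.strip())
    return entries

def missing_sync_attributes(entries):
    """Map DN -> missing REQUIRED attributes, for entries matching the filter."""
    report = {}
    for e in entries:
        missing = [a for a in REQUIRED if not any(e.get(a, []))]
        if "dn" in e and any(e.get(FILTER_ATTR, [])) and missing:
            report[e["dn"][0]] = missing
    return report
```

Attribute names are compared in lowercase because LDAP attribute names are case-insensitive, so the report lists them as `givenname` and `sn`.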