
Limit LDAP searches with CUCM 6.1?

Tommer Catlin
VIP Alumni

When we do an LDAP integration in CUCM 6.x, it grabs everyone, which is fine. I could do separate OUs and just grab those OUs. But is there a way to exclude LDAP entries from the directory sync, or is it basically sync all? (System accounts, or people we do not want listed in the corp directory)

I don't think there is a way. We may have to use a third party or develop our own XML directory.

cheers

12 Replies

Michael Owuor
Cisco Employee

You are right. There's currently no support for filtering out some users in the chosen search base. As you stated, you would have to control this by restricting access of the LDAP Manager Distinguished Name account to just certain OUs.

Regards,

Michael.

I've configured my CCM6.1 for LDAP and I can see all the users in particular OUs in my End user page, but these users are not able to log in to the CCMUSER page (or the CRS Administration page in UCCx).

What rights does the LDAP Manager Distinguished name user need to have in ADS?

Thanks,

Joel

The first thing to check is that your AD users are showing up in CUCM. If they are, LDAP syncing is working with the account you are using.

To log in to the CCMUSER page, the user must have certain permissions *within* CUCM applied to them before they can log in. I had this problem once and it drove me crazy. Verify the user you are trying to log in with has the correct permissions on their account in CUCM.

Also, if the password or user name they are using has odd characters or something not standard, this may throw off authentication.

I can get the users synced fine.

I added the users to the "Standard CCM End User" user group, which I think is the only thing to do to get an End user to be able to log in to the CCMUSER page.

I think I have a ! in my password, let me reset to a simpler password and see if it would work.

Is there a list of characters not to use?

Thanks,

Joel

I can't recall which characters have troubles. I think it's a bug and it's in the bug list.

If you elevate the user to everything in CUCM can they log in?

Tried adding all rights, but still cannot log in.

Thanks for the reply.

You will have to check the RTMT log and see what the issue with the login is with the users. I'm not sure why it's not allowing you in.

Unless it is something with the LDAP and how it's binding. Double check your LDAP configuration and make sure everything is correct in CUCM. I believe there is a check box for authentication also.

I got it fixed.

The LDAP User search base under - LDAP Authentication must be greater than the User search base under - LDAP Directories.

I had this under LDAP Authentication

CN=users,DC=mickey,DC=org

This under LDAP directories

ou=Network Services, ou=Users, ou=Info Tech, ou=Jacksonville, dc=mickey, dc=org

Since my directories were not under CN=USERS, I had to change my user search base under LDAP Authentication to be

DC=mickey,DC=org

hope this helps others who are as stupid as me...lol

joel
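The mismatch described in the post above can be caught before users report failed logins. The following is an added example, not part of the original thread and not Cisco code: it checks that each LDAP Directory search base lies at or below the LDAP Authentication search base, using the DNs quoted in the post. The function names and the simplified DN parsing are assumptions.

```python
# Added example: check that CUCM's LDAP Authentication search base covers
# every LDAP Directory (sync) search base. Simplified DN handling (assumption):
# backslash-escaped commas are honoured, multi-valued RDNs ("+") are not split,
# and attribute values are compared case-insensitively, as AD does for these.

def split_dn(dn):
    """Return the DN as a list of normalised (attribute, value) RDN tuples."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):   # keep escaped char, e.g. "\,"
            buf.append(dn[i:i + 2])
            i += 2
            continue
        if dn[i] == ",":                          # unescaped comma ends an RDN
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(dn[i])
        i += 1
    parts.append("".join(buf))
    rdns = []
    for part in parts:
        if not part.strip():
            continue
        attr, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((attr.strip().lower(), " ".join(value.split()).lower()))
    return rdns

def is_within(candidate_dn, base_dn):
    """True if candidate_dn equals base_dn or sits below it in the tree."""
    cand, base = split_dn(candidate_dn), split_dn(base_dn)
    return len(base) <= len(cand) and cand[len(cand) - len(base):] == base

def uncovered_sync_bases(auth_base, sync_bases):
    """Sync search bases whose users fall outside the authentication base."""
    return [dn for dn in sync_bases if not is_within(dn, auth_base)]

# Search bases quoted in the post above.
SYNC_BASES = ["ou=Network Services, ou=Users, ou=Info Tech, "
              "ou=Jacksonville, dc=mickey, dc=org"]
OLD_AUTH_BASE = "CN=users,DC=mickey,DC=org"
NEW_AUTH_BASE = "DC=mickey,DC=org"

if __name__ == "__main__":
    for auth in (OLD_AUTH_BASE, NEW_AUTH_BASE):
        missing = uncovered_sync_bases(auth, SYNC_BASES)
        print(auth, "->", "OK" if not missing else f"not covered: {missing}")
```

Any common ancestor of the sync search bases passes this check; it does not have to be the domain root.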

Glad you found it!

Thanks for posting this, you know you will not be the only one running into this, and you will save the next person a lot of grief!

Mary Beth

Guys,

I am not able to add more than 5 LDAP directories in CUCM.

Is this a configurable parameter?

thanks 4 any help.

Joel

okay, I painfully found that CUCM supports only "5" LDAP directories.

I have to get the ADS OUs rearranged accordingly....

I'm taking your advice Mary...posting how the issue was resolved...lol
