01-30-2013 12:31 AM - edited 03-16-2019 03:26 PM
Hi All,
The CUCM 9 had some local users and since then I've enabled synchronization and authentication with LDAP. As it is version9 CUCM, both the LDAP and local users coexist.
Now I wan't to remove all of the LDAP users but leave the previously configured local users. I have removed the LDAP Directory, disabled LDAP authentication and disabled the LDAP sync but no users are marked as inactive.
I know this usually happens when the next sync cycle happens, but as there is no LDAP sync anymore, when will the users (or will they at all) be marked as inactive so that the garbage collection can do its job and delete those users.
Currently, as I've removed LDAP, you cannot see the difference between the local users and the old LDAP users.
Can someone please shed some light on what will happen now, and will the users be eventually removed and when. Thanks,
Adnan
Solved! Go to Solution.
01-30-2013 05:51 AM
Unless you checked this option for the users:
Convert LDAP Synchronized User to Local User
The garbage disposal should remove them, once the fixed period of time has passed.
HTH
java
if this helps, please rate
www.cisco.com/go/pdihelpdesk
01-30-2013 12:37 AM
Hi
I've not looked at this on 9.x, but previously on 8.x there is a status column that indicates whether the user is inactive or not. You can update it to make all the users permanent.
In your case you might not be able to determine which users were and were not present before you attempted the integration - you'd have to take a look at the DB tables to see if there is any info you can use.
The detail re: the status column in the DB is here:
https://supportforums.cisco.com/thread/2131043
Aaron
01-30-2013 12:43 AM
Hi Aaron,
Thanks for your reply. I would like to remove all of the LDAP users, rather then making them permanent, which is the reason I removed the LDAP agreements.
Removing 80,000 users manually might be too much which is why I would like to know if the CUCM will do this automatically and just leave the local users. Thanks,
Adnan
*edit* I just noticed that when I go into the configuration of an end user which was imported using LDAP, for user status is says "Inactive LDAP Synchronized User". This gives me home that in 24hrs when the garbage collection runs, it should delete the user. We will wait and see.
01-30-2013 05:51 AM
Unless you checked this option for the users:
Convert LDAP Synchronized User to Local User
The garbage disposal should remove them, once the fixed period of time has passed.
HTH
java
if this helps, please rate
www.cisco.com/go/pdihelpdesk
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide