Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
7860
Views
0
Helpful
9
Replies

LDAP Users in CUCM

Go to solution
DOMJAHN DAVID
Level 1
Level 1

‎03-24-2010 02:47 PM - last edited on ‎03-25-2019 06:59 PM by Community Manager

hi there,

I successfully set up LDAP integration with CUCM being now able to access phone numbers assigned to an ADS account.

Questions:

- is there an option to also access "contacts" (information stored in "contact" records)?

- and is CUCM able to do an ADS query for the number of incoming calls in order to display the name instead of caller's number?

Thank you very much in advance,

David

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Aaron Harrison
VIP Alumni
VIP Alumni
In response to DOMJAHN DAVID

‎03-26-2010 03:53 AM

Hi

CCM doesn't do number-to-name reverse lookups in current versions... I believe there are third party apps that can do this.

David is correct, the default LDAP filter used by CCM is:

(&(objectclass=user)(!(objectclass=Computer))(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))

Which in English means something must 'be a user', 'not be a computer', and 'not be disabled'. Not sure how many times a user is a computer, but hey...

If you wanted it to pull contacts as well, this would need changing to

(&(|(objectclass=contact)(objectclass=user))(!(objectclass=Computer))(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))

There's a good article on how to do this at:

http://www.netcraftsmen.net/resources/blogs/axl-sql-toolkit-part-3-updating-cucm-dirsync-ldap-filter-by-example.html

Once all that's done, contacts will sync in...

IF they meet the usual requirements for a normal user - i.e. if you are using sAMAccountName as the User ID, it will not work as there is no sAMAccountName property on a Contact in AD. I used employeeNumber in this case, no reason why telephoneNumber/mailid shouldn't work, but again UPN won't work as contacts do not have one.

One other note - what this does give you is a sneaky way to give some access to CCM to non-AD people. For example, you can set up a contact as an Extension Mobility user, because they have a PIN stored in the CCM user DB. They cannot access CCMUser however, and wouldn't be able to log into UCCX, as they don't have a password in AD where CCM would expect it.

Finally - I've not deployed this on a real network; I've only tested it in my lab... so do it at your own risk etc etc.

Regards

Aaron

Please rate helpful posts...

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!

View solution in original post

0 Helpful
9 Replies 9

Go to solution
David Hailey
VIP Alumni
VIP Alumni

‎03-24-2010 06:38 PM

1) LDAP integration with AD is based on this premise so user objects are what is imported:

If synchronization with the LDAP server is enabled, you can choose an  LDAP attribute value for the user ID. Choose one of the following values  from the drop-down list box:

For Microsoft Active Directory

sAMAccountName

mail

employeeNumber

telephoneNumber

userPrincipalName

2) When you say query the number for incoming calls - if the calls are coming from the PSTN, then these users would typially not be in your AD so this would be a moot point.  For intracluster calls (IP to IP), the caller ID is configured on the line level via Alerting Name and Calling Name Display.  You have to configure this when you provision the DN on the phone.

Hailey

Please rate helpful posts!

0 Helpful

Go to solution
DOMJAHN DAVID
Level 1
Level 1
In response to David Hailey

‎03-25-2010 02:28 AM

Hi David,

thanks for the answer,

ad 1) yes - ADS users are presented by CUCM (that works fine) but ADS contacts are not shown in the global enterprise phone directory.

ad 2) yes - but it would be nice that users calling in from PSTN are displayed with their name instead of their phone number.

Regards,

also David ;-)

0 Helpful

Go to solution
David Hailey
VIP Alumni
VIP Alumni
In response to DOMJAHN DAVID

‎03-25-2010 05:53 PM

David,

To expand on the answer to your first question about Contacts, if I remember correctly - the DirSync process used by CUCM is specifically querying for objects where "objectclass=user".  As you know, a contact would not match that criteria based on AD schema.  I've been wrong before and can refresh my brain in the lab over the weekend.

Also, if you want Caller ID inbound from external callers (that is what you're getting at or did I misunderstand?), you would need to take that up with your telco provider to see if they offer that feature on the type of trunks you have for inbound (i.e., PRI, POTS, etc).

Hailey

Please rate helpful posts!

0 Helpful

Go to solution
DOMJAHN DAVID
Level 1
Level 1
In response to David Hailey

‎03-26-2010 02:21 AM

Hi David,

thanks for the reply!

DirSync: Is there an option to also include ADS contacts by changing scripts etc?

CLID: The CLID is delivered by the telco and should be translated into the name of the caller IF an appropriate record is present in AD.

Thanks,

David

0 Helpful

Go to solution
Aaron Harrison
VIP Alumni
VIP Alumni
In response to DOMJAHN DAVID

‎03-26-2010 03:53 AM

Hi

CCM doesn't do number-to-name reverse lookups in current versions... I believe there are third party apps that can do this.

David is correct, the default LDAP filter used by CCM is:

(&(objectclass=user)(!(objectclass=Computer))(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))

Which in English means something must 'be a user', 'not be a computer', and 'not be disabled'. Not sure how many times a user is a computer, but hey...

If you wanted it to pull contacts as well, this would need changing to

(&(|(objectclass=contact)(objectclass=user))(!(objectclass=Computer))(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))

There's a good article on how to do this at:

http://www.netcraftsmen.net/resources/blogs/axl-sql-toolkit-part-3-updating-cucm-dirsync-ldap-filter-by-example.html

Once all that's done, contacts will sync in...

IF they meet the usual requirements for a normal user - i.e. if you are using sAMAccountName as the User ID, it will not work as there is no sAMAccountName property on a Contact in AD. I used employeeNumber in this case, no reason why telephoneNumber/mailid shouldn't work, but again UPN won't work as contacts do not have one.

One other note - what this does give you is a sneaky way to give some access to CCM to non-AD people. For example, you can set up a contact as an Extension Mobility user, because they have a PIN stored in the CCM user DB. They cannot access CCMUser however, and wouldn't be able to log into UCCX, as they don't have a password in AD where CCM would expect it.

Finally - I've not deployed this on a real network; I've only tested it in my lab... so do it at your own risk etc etc.

Regards

Aaron

Please rate helpful posts...

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!
0 Helpful

Go to solution
DOMJAHN DAVID
Level 1
Level 1
In response to Aaron Harrison

‎03-26-2010 05:06 PM

Thanks a lot - that's what we need!

Regards,
David

0 Helpful

Go to solution
oliverpowell
Level 1
Level 1
In response to DOMJAHN DAVID

‎04-12-2011 06:17 AM

Did the above solution work?

We have a customer that is requesting Contacts in AD be pulled into CUCM v8.

Are you using sAMAccountName for the user ID or have you had to use a different field?

Thanks

0 Helpful

Go to solution
b.paik
Level 1
Level 1
In response to Aaron Harrison

‎04-04-2019 02:56 PM

Hi There,

 

I have a CUCM 11.5 cluster and need to exactly the same and require contacts to be imported when doing DirSync with MS AD.

 

Will the above work on 11.5?

 

Cheers,

 

B

0 Helpful

Go to solution
Maren Mahoney
VIP
VIP
In response to b.paik

‎04-05-2019 05:06 AM

Looking through the thread, nothing jumps out at me that would not work in 11.5.

Maren

0 Helpful
Customers Also Viewed These Support Documents