LDAP Users in CUCM

DOMJAHN DAVID
Level 1

hi there,

I successfully set up LDAP integration with CUCM being now able to access phone numbers assigned to an ADS account.

Questions:

- is there an option to also access "contacts" (information stored in "contact" records)?

- and is CUCM able to do an ADS query for the number of incoming calls in order to display the name instead of caller's number?

Thank you very much in advance,

David

9 Replies

David Hailey
VIP Alumni

1) LDAP integration with AD is based on this premise so user objects are what is imported:

If synchronization with the LDAP server is enabled, you can choose an LDAP attribute value for the user ID. Choose one of the following values from the drop-down list box:

For Microsoft Active Directory

- sAMAccountName
- mail
- employeeNumber
- telephoneNumber
- userPrincipalName

2) When you say query the number for incoming calls - if the calls are coming from the PSTN, then these users would typically not be in your AD so this would be a moot point. For intracluster calls (IP to IP), the caller ID is configured on the line level via Alerting Name and Calling Name Display. You have to configure this when you provision the DN on the phone.

Hailey

Please rate helpful posts!

Hi David,

thanks for the answer,

ad 1) yes - ADS users are presented by CUCM (that works fine) but ADS contacts are not shown in the global enterprise phone directory.

ad 2) yes - but it would be nice that users calling in from PSTN are displayed with their name instead of their phone number.

Regards,

also David ;-)

David,

To expand on the answer to your first question about Contacts, if I remember correctly - the DirSync process used by CUCM is specifically querying for objects where "objectclass=user".  As you know, a contact would not match that criteria based on AD schema.  I've been wrong before and can refresh my brain in the lab over the weekend.

Also, if you want Caller ID inbound from external callers (that is what you're getting at or did I misunderstand?), you would need to take that up with your telco provider to see if they offer that feature on the type of trunks you have for inbound (i.e., PRI, POTS, etc).

Hailey

Please rate helpful posts!

Hi David,

thanks for the reply!

DirSync: Is there an option to also include ADS contacts by changing scripts etc?

CLID: The CLID is delivered by the telco and should be translated into the name of the caller IF an appropriate record is present in AD.

Thanks,

David

Hi

CCM doesn't do number-to-name reverse lookups in current versions... I believe there are third party apps that can do this.

David is correct, the default LDAP filter used by CCM is:

(&(objectclass=user)(!(objectclass=Computer))(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))

Which in English means something must 'be a user', 'not be a computer', and 'not be disabled'. Not sure how many times a user is a computer, but hey...

If you wanted it to pull contacts as well, this would need changing to

(&(|(objectclass=contact)(objectclass=user))(!(objectclass=Computer))(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))

There's a good article on how to do this at:

http://www.netcraftsmen.net/resources/blogs/axl-sql-toolkit-part-3-updating-cucm-dirsync-ldap-filter-by-example.html

Once all that's done, contacts will sync in...

IF they meet the usual requirements for a normal user - i.e. if you are using sAMAccountName as the User ID, it will not work as there is no sAMAccountName property on a Contact in AD. I used employeeNumber in this case, no reason why telephoneNumber/mailid shouldn't work, but again UPN won't work as contacts do not have one.

One other note - what this does give you is a sneaky way to give some access to CCM to non-AD people. For example, you can set up a contact as an Extension Mobility user, because they have a PIN stored in the CCM user DB. They cannot access CCMUser however, and wouldn't be able to log into UCCX, as they don't have a password in AD where CCM would expect it.

Finally - I've not deployed this on a real network; I've only tested it in my lab... so do it at your own risk etc etc.

Regards

Aaron

Please rate helpful posts...

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!
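
An added illustration (not part of the posts in this thread and not Cisco code): a small evaluator for the two filters quoted in the reply above, run over constructed directory objects, showing which objects pass each filter and which of those lack the attribute chosen as User ID. It assumes an absent attribute evaluates as a non-match, consistent with the reply's report that contacts sync under the modified filter; `sync_report`, the status strings and the sample entries are hypothetical.

```python
BIT_AND = "1.2.840.113556.1.4.803"  # AD bitwise-AND matching rule used in the thread's filters
DEFAULT = "(&(objectclass=user)(!(objectclass=Computer))(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))"
WITH_CONTACTS = ("(&(|(objectclass=contact)(objectclass=user))(!(objectclass=Computer))"
                 "(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))")
PERSON = ["top", "person", "organizationalPerson"]
ENTRIES = [  # constructed sample objects (attribute names lower-cased), not real directory data
    {"cn": ["alice"], "objectclass": PERSON + ["user"], "useraccountcontrol": ["512"],
     "samaccountname": ["alice"], "employeenumber": ["1001"]},
    {"cn": ["bob"], "objectclass": PERSON + ["user"], "useraccountcontrol": ["514"],  # 512 | 2 = disabled
     "samaccountname": ["bob"]},
    {"cn": ["PC01"], "objectclass": PERSON + ["user", "computer"],  # AD computers are also class user
     "useraccountcontrol": ["4096"], "samaccountname": ["PC01$"]},
    {"cn": ["supplier"], "objectclass": PERSON + ["contact"], "employeenumber": ["9001"]},
    {"cn": ["visitor"], "objectclass": PERSON + ["contact"]},
]

def parse(f, i=0):
    """Parse the parenthesised filter starting at f[i]; return (node, next_index)."""
    i += 1  # skip '('
    if f[i] in "&|!":
        op, kids, i = f[i], [], i + 1
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1  # skip ')'
    end = f.index(")", i)
    lhs, value = f[i:end].split("=", 1)
    attr, _, rule = lhs.rstrip(":").partition(":")  # "attr:rule:" -> attr, rule
    return ("=", attr.lower(), rule, value), end + 1

def matches(node, entry):
    """Two-valued evaluation: an absent attribute is a non-match (assumption, see lead-in)."""
    if node[0] == "&": return all(matches(k, entry) for k in node[1])
    if node[0] == "|": return any(matches(k, entry) for k in node[1])
    if node[0] == "!": return not matches(node[1][0], entry)
    _, attr, rule, value = node
    have = entry.get(attr, [])
    if rule == BIT_AND:  # true when every bit set in the filter value is set in the attribute
        return any((int(v) & int(value)) == int(value) for v in have)
    return any(v.lower() == value.lower() for v in have)

def sync_report(filter_text, user_id_attr, entries=ENTRIES):
    """Map each cn to 'filtered out', 'matched, no User ID' or 'imported'."""
    tree, _ = parse(filter_text)
    report = {}
    for e in entries:
        if not matches(tree, e):
            status = "filtered out"
        else:
            status = "imported" if e.get(user_id_attr.lower()) else "matched, no User ID"
        report[e["cn"][0]] = status
    return report
```

Comparing `sync_report(DEFAULT, ...)` with `sync_report(WITH_CONTACTS, ...)` before changing the filter gives a list of the objects that would newly become CUCM end users, which is the set to review given that contacts have no AD password.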

Thanks a lot - that's what we need!

Regards,
David

Did the above solution work?

We have a customer that is requesting Contacts in AD be pulled into CUCM v8.

Are you using sAMAccountName for the user ID or have you had to use a different field?

Thanks

Hi There,

I have a CUCM 11.5 cluster and need to do exactly the same and require contacts to be imported when doing DirSync with MS AD.

Will the above work on 11.5?

Cheers,

B

Looking through the thread, nothing jumps out at me that would not work in 11.5.

Maren