04-27-2010 04:13 PM - edited 03-19-2019 12:51 AM
Hi,
We're looking to filter our LDAP directory in CUC 7.1(3b) to only pull in accounts where the 'ipPhone' field contains something (or is not null).
We've been able to successfully implement this in CUCM, so that our Corporate Directory only lists AD accounts with the ipPhone field populated.
According to guides we've found online the command from CLI is, 'set cuc ldapfilter {insert filter}'
The syntax we're trying to use is:
set cuc ldapfilter '(&(objectclass=user)(!(objectclass=Computer))(!(UserAccountControl:1.2.840.113556.1.4.803:=2))(ipPhone=*))'
The problem is that the CUC CLI removes the ampersand (&) from the beginning of the string, so we end up with the following if we paste in the above filter:
set cuc ldapfilter '((objectclass=user)(!(objectclass=Computer))(!(UserAccountControl:1.2.840.113556.1.4.803:=2))(ipPhone=*))'
Has anyone successfully implemented LDAP filtering in CUC? If so, can you please post a sample syntax?
Or, does anyone know how to type/enter an ampersand (&) in CUC CLI?
06-16-2010 10:22 AM
Hi Aaron,
Thanks for all your help. I figured out the issue and rectified my SQL query.
See the output from the CUCM CLI:
admin:run sql select * from ldapfilter where tkldapserver=1
pkid tkldapserver filter
==================================== ============ ================================================================================================================================================================================================================================================
c8b4c680-ead1-43c0-a264-27da8142c539 1 (&(objectclass=user)(!(objectclass=Computer))(!(UserAccountControl:1.2.840.113556.1.4.803:=2))(|(telephonenumber=2*)(telephonenumber=3*)( telephonenumber=4*)(telephonenumber=5*)(telephonenumber=6*)(telephonenumber=7*)( telephonenumber=8*)))
admin:
What would be my next step? Is my CUCM ready to import users per this filter? What else do I need to set up in CUCM?
There seems to be no document available to describe the steps on cisco.com.
Anyway, thanks for your help!
06-16-2010 11:40 AM
Hi
It's not documented on Cisco.com as it's not supported. Version 8 allows you to do this via the GUI, which is supported.
Take a look at this post and the article that Bill wrote : https://supportforums.cisco.com/message/3047630?tstart=0
Basically if all is well you need to restart the DirSync service for the change to take effect, and then do a resync.
Regards
Aaron
06-17-2010 08:10 AM
Hi Aaron,
Thanks for your help yesterday.
I have one more question; maybe you can help.
I needed to create an LDAP query so that I can search for users with a telephone number starting with 5 and any four digits. My current query states 5*, and this will match 5 and any number of digits. Do you have any idea how to do this? Here is my SQL query for your reference:
06-17-2010 02:08 PM
Hi
Try using nested greater than/less thans... I seem to recall doing this at some point but not really in a position to test:
Regards
Aaron
06-17-2010 03:31 PM
06-18-2010 03:00 AM
Hi
You can't insert regular expressions to LDAP filters...
The best way to deal with this would be one of these:
1) Ensure that the information in the directory is correct - if the 'longer than 5-digit' extensions aren't correct, correct them. Make them numbers that are diallable properly, there's no point them being in the LDAP directory if they aren't correct.
2) Use an alternate field (i.e. ipPhone) and populate that with the 'checked' extensions. Your LDAP people should be able to put together a script very easily that simply reads each telephoneNumber, and if correct inserts to ipPhone. You then import that.
Regards
Aaron
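Added example (not part of the original thread): a sketch of the kind of script option 2 describes, reading each telephoneNumber and emitting LDIF that sets ipPhone only for values that pass a check. The five-digit 20000-79999 rule, the function names and the sample entries are assumptions constructed for illustration.

```python
import base64
import re

# Assumption: a "checked" extension is exactly five digits in 20000-79999.
VALID_EXT = re.compile(r"[2-7][0-9]{4}")

def ldif_dn_line(dn):
    """Emit the DN line; base64-encode it (RFC 2849) unless it is plain ASCII."""
    safe = (dn.isascii() and dn.isprintable()
            and dn[:1] not in ("", " ", ":", "<") and not dn.endswith(" "))
    if safe:
        return "dn: " + dn
    return "dn:: " + base64.b64encode(dn.encode("utf-8")).decode("ascii")

def build_ipphone_ldif(entries):
    """entries: iterable of (dn, telephoneNumber). Returns (ldif_text, rejected)."""
    records, rejected = [], []
    for dn, number in entries:
        ext = (number or "").strip()
        if VALID_EXT.fullmatch(ext):
            # One LDIF modify record per user whose number passed the check.
            records.append("\n".join([ldif_dn_line(dn), "changetype: modify",
                                      "replace: ipPhone", "ipPhone: " + ext, "-"]))
        else:
            # Left out of ipPhone, so an (ipPhone=*) import filter skips it.
            rejected.append((dn, number))
    return "\n\n".join(records) + ("\n" if records else ""), rejected

# Constructed sample directory data (not from the thread).
SAMPLE = [
    ("CN=Alice Example,OU=Staff,DC=example,DC=com", "52345"),
    ("CN=Bob Example,OU=Staff,DC=example,DC=com", "523456"),   # too long
    ("CN=Zoë Example,OU=Staff,DC=example,DC=com", " 20000 "),  # non-ASCII DN
    ("CN=Dan Example,OU=Staff,DC=example,DC=com", None),       # no number
]

if __name__ == "__main__":
    ldif, rejected = build_ipphone_ldif(SAMPLE)
    print(ldif)
    for dn, number in rejected:
        print("# skipped:", dn, repr(number))
```

The rejected list doubles as a report of directory entries whose telephoneNumber needs correcting, which is what option 1 asks for.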
06-18-2010 06:44 AM
Hi Aaron,
I am sorry but I didn’t understand your last post correctly. Here is something that we can do.
How do I create a query to search for users whose phone numbers start with 20000 and end with 79999? I guess if I can create and implement this, it will solve my issue.
Last night I executed another query (using regular expressions); it didn’t error when executing, but it isn’t working.
Please see if you have any idea how to create a query for numbers starting with 20000 and ending with 79999.
Thanks
Satish
06-18-2010 06:55 AM
Hi
You can insert ANYTHING into the ldapfilter table; it will accept it and will not validate it. All that will happen is that your LDAP sync won't work, as the filter returns no results. You should test the filter first against your LDAP server - if it's AD, then in AD Users & Computers do a 'custom' search and paste in the filter text.
What I'm saying is that I don't think it's possible to match a range of numbers - you can match the first characters (e.g. telephonenumber=8*) but you can't match based on digit length or number range.
I think you need to investigate why the telephonenumbers in the LDAP directory are not consistent to start with.
Regards
Aaron
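Added example (not part of the original thread): because the ldapfilter table accepts any text, a small syntax check run before inserting catches a filter that lost its leading '&', as in the first post. The parser below is a simplified reading of RFC 4515 and its function names are assumptions; the two sample filters are the ones quoted in the first post.

```python
import re

# Simplified attribute test: description, operator, value without raw parentheses.
ITEM = re.compile(r"[A-Za-z][A-Za-z0-9.;:-]*(=|>=|<=|~=)[^()]*")

def _parse(s, i):
    """Parse one '(' ... ')' filter starting at s[i]; return the index after it."""
    if i >= len(s) or s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if i < len(s) and s[i] in "&|":
        op, i, count = s[i], i + 1, 0
        while i < len(s) and s[i] == "(":      # one or more sub-filters
            i, count = _parse(s, i), count + 1
        if count == 0:
            raise ValueError(f"'{op}' with no sub-filters at offset {i}")
    elif i < len(s) and s[i] == "!":           # exactly one sub-filter
        i = _parse(s, i + 1)
    else:                                      # a single attribute test
        j = i
        while j < len(s) and s[j] not in "()":
            j += 1
        if not ITEM.fullmatch(s[i:j]):
            raise ValueError(f"not an attribute test at offset {i}: {s[i:j]!r}")
        i = j
    if i >= len(s) or s[i] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return i + 1

def check_filter(text):
    """Return None if text is a well-formed filter, else an error message."""
    s = text.strip()
    try:
        end = _parse(s, 0)
    except ValueError as exc:
        return str(exc)
    return None if end == len(s) else f"trailing text at offset {end}"

# The filter as typed, and as it looked after the CLI dropped the ampersand.
TYPED = ("(&(objectclass=user)(!(objectclass=Computer))"
         "(!(UserAccountControl:1.2.840.113556.1.4.803:=2))(ipPhone=*))")
STRIPPED = TYPED.replace("(&", "(", 1)

if __name__ == "__main__":
    for name, text in (("typed", TYPED), ("stripped", STRIPPED)):
        print(name, "->", check_filter(text) or "well-formed")
```

This checks syntax only: a well-formed filter can still match nothing, so the custom search against the LDAP server remains the real test.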