Solved: cucm 11.5 and ldap synchronization

cbrasolin · ‎02-04-2019

Hi,

i have a cucm synchronized with a LDAP server, one new user has been added on ldap server but the CUCM is not synchronizing this new user. From the logs i see:

2019-02-04 15:47:50,488 ERROR [DirSync-DBInterface] common.DSDBInterface (DSDBInterface.java:607) - DSDBInterface.updateUserInfo Error code=-746
2019-02-04 15:47:50,488 ERROR [DirSync-DBInterface] common.DSDBInterface (DSDBInterface.java:608) - DSDBInterface.updateUserInfo java.sql.SQLException: 19191
MESSAGE 19191
com.informix.jdbc.IfxSqli.addException(IfxSqli.java:3176)
com.informix.jdbc.IfxSqli.receiveError(IfxSqli.java:3458)
com.informix.jdbc.IfxSqli.dispatchMsg(IfxSqli.java:2369)
com.informix.jdbc.IfxSqli.receiveMessage(IfxSqli.java:2294)
com.informix.jdbc.IfxSqli.sendStatementQuery(IfxSqli.java:1601)
com.informix.jdbc.IfxSqli.executeStatementQuery(IfxSqli.java:1551)
com.informix.jdbc.IfxSqli.executeStatementQuery(IfxSqli.java:1499)
com.informix.jdbc.IfxResultSet.executeQuery(IfxResultSet.java:214)
com.informix.jdbc.IfxStatement.executeQueryImpl(IfxStatement.java:1067)
com.informix.jdbc.IfxPreparedStatement.executeQuery(IfxPreparedStatement.java:354)
com.cisco.ccm.dir.dirsync.common.DSDBInterface.insert(DSDBInterface.java:1385)
com.cisco.ccm.dir.dirsync.common.DSDBInterface.updateUserInfo(DSDBInterface.java:592)
com.cisco.ccm.dir.dirsync.common.DSDBInterface.messageReceived(DSDBInterface.java:167)
com.cisco.ccm.dir.dirsync.util.MessageThread.deliver(MessageThread.java:393)
com.cisco.ccm.dir.dirsync.util.MessageThread.deliverAll(MessageThread.java:366)
com.cisco.ccm.dir.dirsync.util.MessageThread.run(MessageThread.java:303)

2019-02-04 15:47:50,488 ERROR [DirSync-DBInterface] common.DSDBInterface (DSDBInterface.java:612) - DSDBInterface.updateUserInfo dbErrorNumber=19191
2019-02-04 15:47:50,489 ERROR [DirSync-DBInterface] common.DSDBInterface (DSDBInterface.java:624) - DSDBInterface.updateUserInfo For User :axxx-fxxxxxxxx DB ERROR: DiscoveryUserIdentity entered for EndUser already exists.

I have replaced the user name with the x character. I am not able to find out what is "DiscoveryUserIdentity", i don't have any End User in CUCM with that user ID but i guess DiscoveryUserIdentity is something else.

cbrasolin · ‎02-05-2019

Hi Chris,

this bug is not my case. i found the problem and solved in this way:

From the publisher i used this sql query for extract all users and the field "discoveryuseridentity"

run sql select u.userid,u.mailid,u.lastname,u.discoveryuseridentity from enduser as u order by u.discoveryuseridentity

The discoveryuseridentity is the userid@ladp-domain and it is not the mailid, my ldap has the userid build as name-surname while the mailid is name.surname.

I found the missing user in the field discoveryuseridentity associated with a local userid (so not synchronized with ldap), i really don't understand how that association has been possibile since the local userid has been created as numeric user without any mail address. So i have deleted the local userid, performed a full ldap sync and recreate my local user.

With the query above i found the same problem for other 5 local users.

Regards,

Christian

View solution in original post

Chris Deren · ‎02-04-2019

Perhaps you are running into this bug:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCur55902/?rfs=iqvred

Symptom:
There is a new requirement from the CUCM 10.0 that the end-user either local or LDAP must have either have a unique mail address field or be Null.
Because of this requirement, the user synchronization from the LDAP will fail if the email id field is same under two users.
We would see the following error in the DIR Sync logs :

ERROR [DirSync-DBInterface] common.DSDBInterface (DSDBInterface.java:552) - DSDBInterface.updateUserInfo For User :ernies DB ERROR: MailID entered for EndUser already exists

Conditions:
same email ID value is assigned to users on AD or email ID values are duplicated during sync as part of changes made to multiple users

Workaround:
1. make the email id field blank on the AD
2. synchronize the users to CUCM, Now all users will sync.
3. Update the email id field on the AD, synchronize again from CUCM

Note : One of the users will be able to update the e-mail id, other user will have blank e-mail id field, but both the users will remain in a synchronized state.

Further Problem Description:
The problem can occur even if there are no duplicate email IDs in the directory. As part of the sync process users are updated individually. If the email ID for two users are switched in the directory (a for b and b for a), the sync fails because the first update causes two users to have the same email ID.

While it is less common and not recommended, switching user ID between users can also cause duplicate email ID errors.

cbrasolin · ‎02-05-2019