Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
603
Views
6
Helpful
9
Replies

CUCM

Reyad Safi
Level 1
Level 1

‎12-17-2023 11:54 PM

hi...

we have CUCM v14, it's integrated with the Active Directory to sync the telephone directory.

we noticed that, the CUCM pull all users from the AD, but we need to pull the users who have the telephone number only.

we configured a custom filter in the CUCM (telephoneNumber=*) but this is not work.

could you please help.

Labels:
0 Helpful
9 Replies 9

Roger Kallberg
VIP
VIP

‎12-18-2023 01:53 AM

Please share your custom LDAP filter and a screenshot of your LDAP directory configuration. Feel free to mask out any sensitive information.



Response Signature


0 Helpful

Shalid Kurunnan Chalil
Spotlight
Spotlight

‎12-18-2023 02:46 AM

 

Hi Reyad, 

Please consult with your AD team to identify the precise LDAP attribute where they have configured the phone numbers or phone extensions. Use these attributes in the LDAP filter. Generally, I advise AD/LDAP admins to utilize the 'ipphone' field to populate extensions, but you can choose any relevant attributes based on your company's design.

If you have extensions or phone numbers stored in the 'ipPhone' field of LDAP, you can use something like the example below. This will synchronize only with users who have valid 'ipPhone' entries in their LDAP.

(&(objectCategory=user)(objectClass=user)(ipPhone=*))
you can replace the ipPhone with telephoneNumber if you are using this field in your LDAP.

Regards,

Shalid 

Disclaimer:

Responses are based on personal knowledge and experience. Consider them as guidance. Other members may offer different perspectives or better approaches. No responsibility is assumed for outcomes; discretion is advised.

Roger Kallberg
VIP
VIP
In response to Shalid Kurunnan Chalil

‎12-18-2023 04:46 AM

If you are creating a custom LDAP filter it might be good to include what is used as the default filter when no filter is set to be used.

image.png

It's a little backwards that LDAP filer = None in reality means that a default, none visible, filter is used.



Response Signature


Maren Mahoney
VIP
VIP
In response to Roger Kallberg

‎12-18-2023 05:59 AM - edited ‎12-18-2023 05:59 AM

@Roger Kallberg mentions that you should include the default filter. The default AD filter filters out users disabled in Active Directory, which is usually desired. Which, no doubt, is why it is the default.

Maren

Reyad Safi
Level 1
Level 1

‎12-20-2023 04:38 AM

could you please advise what this filter for:

(&(&(objectCategory=user)(objectClass=user)(!telephoneNumber=\20)(&(objectClass=user)(telephoneNumber=*))))

0 Helpful

Roger Kallberg
VIP
VIP
In response to Reyad Safi

‎12-20-2023 10:38 AM

I doubt that this filter is operational. Can you please outline what you want to achieve with your filter. As it’s crafted now it must be more to it than what you originally let on. If it’s truly only what you outlined originally you should be able to simplify the filter substantially.



Response Signature


0 Helpful

Shalid Kurunnan Chalil
Spotlight
Spotlight
In response to Reyad Safi

‎12-22-2023 12:47 AM - edited ‎12-22-2023 12:49 AM

Hi,

If we examine the formula you provided, it can be decoded as follows: it searches for user objects that belong to the user category and class, have a non-empty telephone number, and the telephone number is not equal to '\20'. I believe the '\20' represents the space character. To import a user from LDAP, the value must meet all three of these conditions.

Did you test this and is it working?

Regards, 

Shalid 

Disclaimer:

Responses are based on personal knowledge and experience. Consider them as guidance. Other members may offer different perspectives or better approaches. No responsibility is assumed for outcomes; discretion is advised.

 

 

0 Helpful

Roger Kallberg
VIP
VIP
In response to Reyad Safi

‎12-22-2023 03:51 AM

This filter is as I suspected not correctly formatted. If I run it in a LDAP filter analyzer at https://piellardj.github.io/ldap-filter-analyzer/ it gives this error.

bild.png

Try with this filter if you want to add the check of telephoneNumber field having something filled in and only sync users that do to the default CM AD ldap filter. The goofy number sting means that it will not include accounts in disabled state.

(&(objectclass=user)(!(objectclass=Computer))(!(UserAccountControl:1.2.840.113556.1.4.803:=2))(telephoneNumber=*))

Validating that in the filter analyzer gives this.

bild.png



Response Signature


Shalid Kurunnan Chalil
Spotlight
Spotlight

‎12-22-2023 04:01 AM

Thanks @Roger Kallberg for the useful tool to check the LDAP filter.

I attempted to update the original filter shared by the user, and you can find it below.

(&(&(objectCategory=user)(objectClass=user)(!(telephoneNumber=\20)))(objectClass=user)(telephoneNumber=*))

Feel free to use any of the filters suggested in this thread—whichever works best for you.

Regards 

Shalid 

Disclaimer:

Responses are based on personal knowledge and experience. Consider them as guidance. Other members may offer different perspectives or better approaches. No responsibility is assumed for outcomes; discretion is advised.

Customers Also Viewed These Support Documents