12-17-2023 11:54 PM
hi...
we have CUCM v14, it's integrated with the Active Directory to sync the telephone directory.
we noticed that, the CUCM pull all users from the AD, but we need to pull the users who have the telephone number only.
we configured a custom filter in the CUCM (telephoneNumber=*) but this is not work.
could you please help.
12-18-2023 01:53 AM
Please share your custom LDAP filter and a screenshot of your LDAP directory configuration. Feel free to mask out any sensitive information.
12-18-2023 02:46 AM
Hi Reyad,
Please consult with your AD team to identify the precise LDAP attribute where they have configured the phone numbers or phone extensions. Use these attributes in the LDAP filter. Generally, I advise AD/LDAP admins to utilize the 'ipphone' field to populate extensions, but you can choose any relevant attributes based on your company's design.
If you have extensions or phone numbers stored in the 'ipPhone' field of LDAP, you can use something like the example below. This will synchronize only with users who have valid 'ipPhone' entries in their LDAP.
(&(objectCategory=user)(objectClass=user)(ipPhone=*))
you can replace the ipPhone with telephoneNumber if you are using this field in your LDAP.
Regards,
Shalid
Disclaimer:
Responses are based on personal knowledge and experience. Consider them as guidance. Other members may offer different perspectives or better approaches. No responsibility is assumed for outcomes; discretion is advised.
12-18-2023 04:46 AM
If you are creating a custom LDAP filter it might be good to include what is used as the default filter when no filter is set to be used.
It's a little backwards that LDAP filer = None in reality means that a default, none visible, filter is used.
12-18-2023 05:59 AM - edited 12-18-2023 05:59 AM
@Roger Kallberg mentions that you should include the default filter. The default AD filter filters out users disabled in Active Directory, which is usually desired. Which, no doubt, is why it is the default.
Maren
12-20-2023 04:38 AM
could you please advise what this filter for:
(&(&(objectCategory=user)(objectClass=user)(!telephoneNumber=\20)(&(objectClass=user)(telephoneNumber=*))))
12-20-2023 10:38 AM
I doubt that this filter is operational. Can you please outline what you want to achieve with your filter. As it’s crafted now it must be more to it than what you originally let on. If it’s truly only what you outlined originally you should be able to simplify the filter substantially.
12-22-2023 12:47 AM - edited 12-22-2023 12:49 AM
Hi,
If we examine the formula you provided, it can be decoded as follows: it searches for user objects that belong to the user category and class, have a non-empty telephone number, and the telephone number is not equal to '\20'. I believe the '\20' represents the space character. To import a user from LDAP, the value must meet all three of these conditions.
Did you test this and is it working?
Regards,
Shalid
Disclaimer:
Responses are based on personal knowledge and experience. Consider them as guidance. Other members may offer different perspectives or better approaches. No responsibility is assumed for outcomes; discretion is advised.
12-22-2023 03:51 AM
This filter is as I suspected not correctly formatted. If I run it in a LDAP filter analyzer at https://piellardj.github.io/ldap-filter-analyzer/ it gives this error.
Try with this filter if you want to add the check of telephoneNumber field having something filled in and only sync users that do to the default CM AD ldap filter. The goofy number sting means that it will not include accounts in disabled state.
(&(objectclass=user)(!(objectclass=Computer))(!(UserAccountControl:1.2.840.113556.1.4.803:=2))(telephoneNumber=*))
Validating that in the filter analyzer gives this.
12-22-2023 04:01 AM
Thanks @Roger Kallberg for the useful tool to check the LDAP filter.
I attempted to update the original filter shared by the user, and you can find it below.
(&(&(objectCategory=user)(objectClass=user)(!(telephoneNumber=\20)))(objectClass=user)(telephoneNumber=*))
Feel free to use any of the filters suggested in this thread—whichever works best for you.
Regards
Shalid
Disclaimer:
Responses are based on personal knowledge and experience. Consider them as guidance. Other members may offer different perspectives or better approaches. No responsibility is assumed for outcomes; discretion is advised.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide