Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
2717
Views
0
Helpful
5
Replies

Delegate permisson to sync LDAP

craig.petty
Level 1
Level 1

‎08-17-2010 08:43 AM - edited ‎03-19-2019 01:25 AM

Is there a way to grant a user the ability to synchronize LDAP without giving them full admin rights?  This applies to both UCM and Unity Connection.  When adding new users to the system we add them to Active Directory, and then create their phone & voice mailbox.  After creating their AD account we synchronize LDAP in UCM and UC so the new accounts are visible to those systems.  When I do it myself it's not a problem because I have full admin rights, but I'd like to delegate the permission to sync LDAP to our technical support staff who don't have full admin rights on the phone system.  It's not realistic to expect them to wait for the next scheduled LDAP sync to occur.

2 people had this problem
Labels:
0 Helpful
5 Replies 5

philip.e.denton
Level 3
Level 3

‎08-17-2010 11:43 AM

Try using End User Roles to delegate administrative rights to the end users you want to promote to various administrative roles.  I don't have access to a CUCM or UConn cluster at the moment to verify that LDAP Syncing is a task that can be delegated; however, use the guide linked below to guide you through the role administration process.  Sorry I couldn't be of more help!

http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_tech_note09186a00808c82d2.shtml

0 Helpful

craig.petty
Level 1
Level 1
In response to philip.e.denton

‎08-25-2010 06:24 AM

Unfortunately there is not enough granularity to allow users to 'Perform Full Sync Now' without also granting permission to make LDAP directory configuration changes.  The closest thing you can do in a role is grant read/update on 'LDAP Directory Configuration Pages'.

too bad.

0 Helpful

philip.e.denton
Level 3
Level 3
In response to craig.petty

‎08-25-2010 06:33 AM

Well dang.  I don't feel like there's a ton of danger allowing access to that portion of CCMAdmin as long as they know the only button they're supposed to press on that screen is "Perform Full Sync Now"!

0 Helpful

chirpari
Cisco Employee
Cisco Employee
In response to philip.e.denton

‎05-24-2017 02:41 PM

Any third party tool or AXL API that can be used to achieve this?

0 Helpful

thawthorne_6
Level 1
Level 1

‎03-13-2013 08:04 AM

I have this problem too. The LDAP Directory Configuration Pages option works perfectly for the Call Manager LDAP sync, but that setting doesn't transfer over to Unity. And the Unity roles don't allow you to copy and reconfigure them like Call Manager does. So right now its either give them the technician role or no LDAP sync

0 Helpful
Customers Also Viewed These Support Documents
Top