
LDAP OU parameters changed - Integration with CUCM

joseivan_11
Level 1

Hi Community,

I have a doubt.

The staff that administers Active Directory (LDAP) tells me to make some changes to the parameters of the organizational units (OUs). The service is configured in such a way that users authenticate through LDAP.

My question is about what kind of considerations I should take so that the users are not affected, since they are authenticated through LDAP, and also since the users are associated with the devices (IP phone, CSF, etc.), and I do not want to lose that setup or that association of the users to the devices.

For my part, I would only think of configuring another service in the LDAP Directory section to point to the same server with the same account (LDAP distinguished name) but with the new OU parameters, since it is the same server, and then perform the resynchronization.

But I do not know if this leads to the loss of the association of users with the devices, and problems authenticating to the CUCM services.

Best Regards

Accepted Solution

Users replicated to CUCM are identified by their UID. Subsequent synchronizations of LDAP will map new LDAP information about an existing CUCM account by matching up the UID. As long as the OU restructuring in LDAP does not change the UID (and it shouldn't), you can create the new LDAP Directory (synchronization agreement) and the users will continue to synchronize and authenticate as normal.

(FYI: If you want to disable the original LDAP Directory without deleting it just yet, turn off the automatic synchronization.)

Maren


Jaime Valencia
Cisco Employee

Users are not removed immediately if they fail to sync; there are timers in place before the garbage disposal mechanism kicks in. Refer to the SRND for the full explanation of how the process works. Once the garbage disposal deletes the users, that's when you lose all the user/device/line associations.

I have no idea exactly what changes you're asked to perform, but you simply need to make sure:

A) The LDAP directory has valid information for the search base and the user/password

B) The LDAP authentication has valid information and the search base covers ALL the OUs in the LDAP directories you have created

HTH

java

if this helps, please rate
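A pre-change check built on the two points made in the replies above (existing accounts are matched by UID, and the search base must cover all the OUs), as an added example that is not part of the original thread or any poster's code. It assumes you can export each user's UID and DN before and after the OU change; the function names, UIDs and DNs are constructed for illustration.

```python
# Added example (not from the thread). All UIDs, DNs and names below are constructed.

def parse_dn(dn):
    """Split a DN into normalised RDNs, honouring backslash-escaped commas."""
    rdns, cur, esc = [], [], False
    for ch in dn:
        if esc or ch != ",":
            cur.append(ch)
            esc = (ch == "\\") and not esc   # a backslash escapes the next character
        else:
            rdns.append("".join(cur))
            cur = []
    rdns.append("".join(cur))
    pairs = (r.partition("=") for r in rdns if r.strip())
    return tuple(f"{k.strip().lower()}={v.strip().lower()}" for k, _, v in pairs)

def under_base(dn, base):
    """True when dn is at or below base, compared RDN by RDN (not by substring)."""
    d, b = parse_dn(dn), parse_dn(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def check_restructure(before, after, new_bases):
    """before/after: {uid: dn} exports taken before and after the OU change."""
    # UID gone after the change: the sync has nothing to match the old account to.
    missing = sorted(u for u in before if u not in after)
    # DN outside every new search base: the user is not found by the new agreement.
    uncovered = sorted(u for u, dn in after.items()
                       if not any(under_base(dn, b) for b in new_bases))
    return {"uid_missing_after": missing, "outside_search_base": uncovered}

# Constructed sample exports.
BEFORE = {
    "jdoe":   "CN=John Doe,OU=Sales,DC=example,DC=com",
    "asmith": "CN=Smith\\, Anna,OU=Sales,DC=example,DC=com",
    "bwong":  "CN=Bo Wong,OU=Contractors,DC=example,DC=com",
    "mlee":   "CN=Min Lee,OU=Sales,DC=example,DC=com",
}
AFTER = {
    "jdoe":   "CN=John Doe,OU=Users,OU=Sales-EMEA,DC=example,DC=com",
    "asmith": "cn=Smith\\, Anna, ou=Users, ou=Sales-EMEA, dc=example, dc=com",
    "bwong":  "CN=Bo Wong,OU=Contractors,DC=example,DC=com",
    "m.lee":  "CN=Min Lee,OU=Users,OU=Sales-EMEA,DC=example,DC=com",  # UID changed
}
NEW_BASES = ["OU=Sales-EMEA,DC=example,DC=com"]

if __name__ == "__main__":
    print(check_restructure(BEFORE, AFTER, NEW_BASES))
```

An empty result in both lists is the condition the replies describe for users to keep synchronizing and authenticating; anything listed should be resolved before the original synchronization agreement is deleted.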
