Solved: LDAP user is not Synching in.

JBrav0 · ‎06-03-2021

Currently having issues synching new employees in AD to CUCM. Has anyone ran into this, or know some troubleshooting steps? Before I would just perform full synch and the users would appear, but about a week ago after creating a new user, they would not pick them up. I verified that all the lines on an AD profile were filled unless there's a specific one that matters and I don't know about.

I can't seem to figure out the issue and I can't think of any changes at all that may have caused this.

When I do perform full synch no errors appear. The system just says that the synch was successful, but the new users don't appear.

JBrav0 · ‎06-04-2021

Okay, I was able to figure out the issue.

I want to start off by explaining some more of the situation. Im still learning the system and the only 2 people that had set it up were long gone and I'm still new.

with that said anyone in the same situation that finds this question, I will provide a video on how the sync system is set up that I found on youtube, just so you know the simple process.

'https://www.youtube.com/watch?v=hiuMoa-sYW8'

What I ended up doing was going to the LDAP Directory in CUCM and under LDAP Manager Distinguished Name I noticed the format. it was CN=CUCM,OU=IT,DC=example,DC=local. out of curiosity, I changed it to 'CUCM@example.local', saved it, and performed full sync. This resolved the issue.

View solution in original post

Roger Kallberg · ‎06-03-2021

Verify that all users has the field “sn” set. This is the only out of the box mandatory field for a user to be synchronised. If you use a custom LDAP filter for your synchronisation there could be additional fields that are required. It all depends on what you have defined in the filter.

Elliot Dierksen · ‎06-03-2021

What is your LDAP search base? Are the users possibly being created in a different location in the LDAP tree? Also, has the password expired on the account you are using to do the LDAP sync? The only special permissions the LDAP sync account requires are "read all properties of user objects" and (optionally) "password never expires".

JBrav0 · ‎06-03-2021

I attached what I think is the LDAP search base. They are being created in the only and same LDAP tree. The password to the account is set to never expire.

Elliot Dierksen · ‎06-03-2021

The LDAP search base in your screen shot is empty.

JBrav0 · ‎06-04-2021

Thank you, I was able to figure out the issue and posted it as a reply and solution in the page.

Nithin Eluvathingal · ‎06-03-2021

AFAIK, the configuration page is for "Directory Server User Search for Cisco Mobile and Remote Access Clients and Endpoints". To sync user from AD to CUCM, configuration is on "LDAP Directory"

Nithin Eluvathingal · ‎06-03-2021

Make sure the user has last name configured on AD, with only first name User will not get synced.

JBrav0 · ‎06-04-2021

Thank you, I was able to figure out the issue and posted it as a reply and solution on the page.

JBrav0 · ‎06-04-2021

Okay, I was able to figure out the issue.

I want to start off by explaining some more of the situation. Im still learning the system and the only 2 people that had set it up were long gone and I'm still new.

with that said anyone in the same situation that finds this question, I will provide a video on how the sync system is set up that I found on youtube, just so you know the simple process.

'https://www.youtube.com/watch?v=hiuMoa-sYW8'

What I ended up doing was going to the LDAP Directory in CUCM and under LDAP Manager Distinguished Name I noticed the format. it was CN=CUCM,OU=IT,DC=example,DC=local. out of curiosity, I changed it to 'CUCM@example.local', saved it, and performed full sync. This resolved the issue.