09-08-2011 09:07 AM - edited 03-19-2019 03:34 AM
Hello,
We've started to notice a slight problem with our Presence (CUPS) 8.5 install. When people are doing directory searches, names are coming up for disabled users. We have a OU setup in AD for specific accounts that we have to keep that have been disabled. The OU is at the same level as the rest of our AD structure. Because of that, I don't see how we can exlude it from the base search. Is there any other way to have these accounts excluded from searches?
Thank you!
Solved! Go to Solution.
09-13-2011 12:17 AM
Seems like this one used to work on CUPC 7.x but not on 8.x anymore.
I made a mistake. I observe the same behaviour as you in the lab
I will try and do some tests and if anything useful I will repost
Regards,
Christos
EDIT: Ok I was wrong again It does seem to work. It is just that I made a mistake in the syntaxt. I should have added another parenthesis and an '&' in the filter
;&(!(userAccountControl:1.2.840.113556.1.4.803:=2))
So it should be
dc=domain, dc=com;&(!(userAccountControl:1.2.840.113556.1.4.803:=2))
Can you give it a try ?
You need to save the config and relogin to CUPC for this to take affect
09-08-2011 02:07 PM
Hi,
Can you try putting the following
cn=users,dc=domain,dc=com;(!userAccountControl:1.2.840.113556.1.4.803:=2)
in the following location
Presence admin pages ---> Applications ---> Cisco Unified Personal Communicator ---> LDAP Profile
That should do the trick I think.
HTH,
Christos
09-08-2011 02:12 PM
Thanks for the response!
Should that take effect immediatly? I put it in but it didn't seem to help.
Edit: After a sign-out and back in, the results did change. I wasn't able to do any searching with the string in there.
09-08-2011 02:24 PM
Hi,
Yes you need to sign out first in order to take effect.
The cn=users,dc=domain,dc=com should be left as you had it originally. I just put it in the above command as an example. You just need to add the second part
;(!userAccountControl:1.2.840.113556.1.4.803:=2)
In my lab it seems to work
Regards,
Christos
09-12-2011 08:07 PM
I added everything after (and including) the semi-colon. I tried it again just to make sure. I wasn't able to lookup anyone in the directory that wasn't already on my contact list. We start our search at the root and are doing a recursive search if that helps. It loooked like:
dc=Value1,dc=Value2;(!userAccountControl:1.2.840.113556.1.4.803:=2)
Thoughts?
09-13-2011 12:17 AM
Seems like this one used to work on CUPC 7.x but not on 8.x anymore.
I made a mistake. I observe the same behaviour as you in the lab
I will try and do some tests and if anything useful I will repost
Regards,
Christos
EDIT: Ok I was wrong again It does seem to work. It is just that I made a mistake in the syntaxt. I should have added another parenthesis and an '&' in the filter
;&(!(userAccountControl:1.2.840.113556.1.4.803:=2))
So it should be
dc=domain, dc=com;&(!(userAccountControl:1.2.840.113556.1.4.803:=2))
Can you give it a try ?
You need to save the config and relogin to CUPC for this to take affect
09-23-2011 05:58 AM
That worked great!
Sorry it took me so long to respond. I saw the message on my BB and didn't see the edit. I was working on it again this morning and found something else that worked. Since all of the accounts were in a single OU, I was able to deny the user we use to look up the accounts the ability to view the OU. It had the same result. I removed that change and used yours, thank you very much for the help! I've marked it correct and gave you 5 stars!!!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide