cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
29334
Views
0
Helpful
17
Replies

Prime Collaboration Provisioning 10.5

timhughsmith
Level 4
Level 4

Hi guys,

This thread caught my attention recently.

Cisco Prime Collaboration Provisioning Advanced 10 bugs/issues

I'm currently trying to set up Prime Collaboration Provisioning - all version 10.5 products (PCP, CUCM, CUCXN, IMP)

It would be great to get some information on "best practice" or suggested type practice.

A couple of the things I am struggling with

- Combinations of services and service bundles to make things as simple as possible for an admin - i.e. I want an EM profile, EM line, Jabber softphone, Jabber IMP services set and voicemail box. Can I do this with the admin only having to order 1 x service?

- LDAP / Domain syncs - typical CUCM deployment is LDAP integrated for sync and authentication. I find the LDAP and Domain sync settings confusing as they seem to overlap

- Details on setting up Auto Provisioning with LDAP integrated CUCM - documentation says this only works with users added to prime or synced from LDAP and it says to avoid domain sync.

Cheers,

Tim.

17 Replies 17

keglass
Level 7
Level 7

Tim,

Since you are a Cisco partner with access to the Cisco Partner Community, I recommend you also post this question to that Community for additional feedback and for access to resources specifically for partners.

Unified Communications

In the meantime, I have reached out to our product managers to help address your questions.

Hope this helps. Thank you for participating in the Cisco Collaboration Community.

Kelli Glass

Moderator for Cisco Customer Communities

Hi,

This issue causing me a lot of trouble

Details on setting up Auto Provisioning with LDAP integrated CUCM - documentation says this only works with users added to prime or synced from LDAP and it says to avoid domain syncDetails on setting up Auto Provisioning with LDAP integrated CUCM - documentation says this only works with users added to prime or synced from LDAP and it says to avoid domain sync

I get users to prime by domain sync from cucm and it is integrated with LDAP. So I can't auto provision services for them. Is there any solution or work around for this issue

Thanks

Haitham

Hi mate,

Are your CUCM users coming from LDAP? or are you managing them locally in CUCM database?

Cheers,

Tim.

Yes CUCM is integrated with LDAP

So if it's LDAP, you should be able to sync users from LDAP into PCP and it should auto provision.

There seems to be some confusion around the CUCM > LDAP sync, and the Domain sync then in PCP.

I'm pretty sure I got a very basic sync from LDAP > PCP to work (while CUCM was still synced to LDAP)

I then hit an issue with a patch, and it broke. I didn't get a chance to go back and re-test properly.

I've asked for some clarification on the LDAP > CUCM recommendation, and I'll post back when I receive the answer.

I actually ran out of time on this one. I'm going to re-visit when the next release comes out (shortly).

Cheers,

Tim

Thanks Tim for your answer

So please keep us updated for new

So this statement should work or to wait for next releases :

it says to avoid domain syncDetails on setting up Auto Provisioning with LDAP integrated CUCM

Thanks

Haitham

Hi.

There is no need to keep CUCM synchronized with LDAP. PCP synchronization to LDAP is enough. In fact when you look at the configuration that results from the PCP Getting Started Wizard (which allows to create a working CUCM/CUC/CUP configuration starting with "empty" servers), the LDAP integration is configured on CUCM, but the "enable synchronizing from LDAP server" checkbox is not set. We just in that case only keep the authentication active ("use LDAP authentication for end users") which is needed for ccmuser, CTI control.... And then auto-provisioning works fine either based on scheduled LDAP synchronization (configured at the domain level) or using the "import" button (under deploy -> user provisioning).

Thanks

/Phil

Hi Phil,

This is the bit that I had trouble getting a straight answer on.

You are saying leave CUCM sync enabled so we can use LDAP authentication.

That means PCP will create the users on CUCM via AXL (which makes sense)

I thought this meant the users would be created as local end users in CUCM?

So why / how would CUCM decide to authenticate their passwords against LDAP?

Cheers,

Tim.

No, I didn't say that. If you read my answer I said: There is no need to keep CUCM synchronized with LDAP.

I am attaching screenshots of a typical CUCM setup when PCP is integrated with LDAP. CUCM-LDAP-1.png

CUCM-LDAP-2.png

And on the other side, no, users are not created as local users. They are created based on scheduled PCP-LDAP synchronization (configured at the domain level) or using the "import users" button (under deploy -> user provisioning -> import users -> from LDAP) and they are created in CUCM as "active LDAP synchronized users". We can have a webex if you want, so that I can show you all this live on my lab. I will be available today until 11:00 am CET.

/Phil

Hi Phil,

Sorry yes, I didn't really convey that correctly. I understood you meant leave LDAP dir integration configured, but sync is actually disabled.

WebEx would be fantastic. I'm available now.

Cheers,

Tim

Need your email address to send the webex invite, and the communities forum says its private...

Thanks

/Phil

Hi Phil,

I configured the above sollution, but when I import the user in PCP from ldap, the user is configured as local enduser in the CUCM. What can be the problem here?

Thanks for your help.

Regards,

Maik

Hello,

I have exactly the same problem, did you find a working solution ?

Regards,

Martin

fdelgado5
Level 1
Level 1

Team please take a minute "literally" to review this product:

http://www.akkadianlabs.com/cisco-provisioning-in-40-seconds/

LDAP or Local user with Multi Devices not a problem, enjoy.