08-31-2017 06:20 AM - edited 03-19-2019 12:45 PM
Hello,
I have a user that the alias (username) in LDAP has changed. In CUCM/end user it has all sync'd with the new username, however, in Unity it is still showing the old username. Unity is supposed to be set up to integrate with LDAP directory. I have confirmed that a sample group is set up to integrate and that is how it is supposed to be. This particular user, has "do not integrate with LDAP". When I try to change it and save it gives me an error (This user cannot be found in the LDAP Directory), which I understand because her old username has changed in LDAP. I know I can manually change all of her information to the new alias/username and make it work, but for troubleshooting purposes, I haven't corrected it yet. If I do import user (grasping at straws), it does import and has the correct extension in there but when I try to save, it will of course give me the error that a mailbox for that extension already exist. Does anyone know how I can make this automatically sync? I've never had this happen before, and as far as I know, it is the only user that it is happening on.
Thanks for any help!
Tiffany
Solved! Go to Solution.
09-01-2017 07:49 AM
08-31-2017 08:11 AM
I don't think this will sync automatically. Unity is matching the user ID to sAMAccountName in LDAP. Since this has now changed there is no way for Unity to know which account to synchronize with.
Brandon
09-01-2017 06:41 AM
09-01-2017 07:09 AM
Hi Chris,
I am using the samAccountName attribute to map. I've added a screen shot. I am using Unity Connection. I've manually performed a full sync and since then it sync's every night at 12am. Is there a way to verify that it has successfully sync'd? I see where it says the schedule but nothing to tell me that it did successfully sync this morning at 12am. I will take a look at the link! Thank you!
09-01-2017 07:34 AM
In the GUI you will only notice successful sync if the changes are visible in the Users > Import Users: Find End Users in [LDAP Directory] and search for a specific alias for import.
To verify successful synchronisation connect to the CLI (ssh session) and check the logfiles of the directory sync service.
Let me show you an example:
admin:file list activelog cm/trace/dirsync/log4j/ det dat
28 Jul,2017 21:02:50 0 DirSyncThreadDump.log
08 Aug,2017 10:02:59 1,048,791 dirsync00001.log
19 Aug,2017 03:03:02 1,048,698 dirsync00002.log
29 Aug,2017 22:00:21 1,048,674 dirsync00003.log
29 Aug,2017 22:00:21 36 dirsync.bin
01 Sep,2017 16:27:45 286,829 dirsync00004.log
dir count = 0, file count = 6
admin:file tail activelog cm/trace/dirsync/log4j/dirsync00004.log
.......
2017-09-01 16:27:25,011 INFO [DSLDAPSyncImpl(9a2afa99-215c-34e9-8efe-013e333be151)] ldapplugable.DSLDAPSyncImpl (DSLDAPSyncImpl.java:451) - LDAPSync(9a2afa99-215c-34e9-8efe-013e333be151)[Run] Successfully completed full sync
If there are issues with the sync it should even create dedicated error logfiles in the same directory. You can also collect them via RTMT (service is called Cisco DirSync).
BR,
Chris
09-01-2017 07:34 AM
Here is also the screen shot of LDAP>LDAP setup in Unity:
09-01-2017 07:49 AM
09-01-2017 08:58 AM
I am definitely getting an error when trying to sync:
admin:file list activelog cm/trace/dirsync/log4j
DirSyncThreadDump.log dirsync.bin
dirsync00001.log dirsync00002.log
dirsync00003.log dirsync00004.log
dirsync00005.log dirsync00006.log
dirsync00007.log dirsync00008.log
dirsync00009.log dirsync00010.log
dirsync_err.bin dirsync_err00001.log
dirsync_err00002.log dirsync_err00003.log
dirsync_err00004.log dirsync_err00005.log
dirsync_err00006.log dirsync_err00007.log
dirsync_err00008.log dirsync_err00009.log
dirsync_err00010.log dirsync_err00011.log
dirsync_err00012.log dirsync_err00013.log
dirsync_err00014.log
dir count = 0, file count = 27
admin:
When I try to view the error log, I get the following:
admin:file list activelog cm/trace/dirsync/log4j/dirsync_err00014.log det
01 Sep,2017 00:00:14 51,573 dirsync_err00014.log
but I don't see all of the information that you do. But yes, that is exactly what happens, I can import the user with the new username but obviously it gives me an error that it already exists on another user. I guess why I am confused is this has worked for years automatically and now it doesn't and nothing has changed.
09-01-2017 10:10 AM
09-01-2017 11:34 AM
Thank you for the CLI commands! So the log files do show the errors:
2017-08-30 00:00:00,588 ERROR [DirSync-DBInterface] common.DSDBInterface (DSDBInterface.java:530) - DSDBInterface.updateUserInfo LDAP data discarded: Missing LDAP attribute: Attribute Count=4 AgreementId=5393c365-ed11-afb2-41a2-b770285f9284
[userid, firstname, uniqueidentifier, discoveryuseridentity]
2017-08-30 00:00:00,647 ERROR [DirSync-DBInterface] common.DSDBInterface (DSDBInterface.java:530) - DSDBInterface.updateUserInfo LDAP data discarded: Missing LDAP attribute: Attribute Count=4 AgreementId=5393c365-ed11-afb2-41a2-b770285f9284
All of your help and information has been very helpful!! I am going to check with our system admin to get some additional info about the exchange server. You're assistance has been much appreciated!
[userid, firstname, uniqueidentifier, discoveryuseridentity]
03-22-2018 03:36 PM
04-07-2021 02:00 PM
Just in case anyone comes across this thread and is a little unclear about the possibility of changing a username and reintegrating with LDAP like I was, yes, it is possible and what's more, it's easy!
Use the tool linked in christoph.hable's post to log into your unity box, search and export a csv file of the user in question, edit it as needed, and use the tool to upload your updated csv file. The end result will be a mailbox with an updated user ID. You can then move the "Integrate with LDAP" radio button and save successfully. No need to delete the mailbox and make the user re-record their greeting; no lost voicemails either! Great post!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide