Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
6111
Views
25
Helpful
11
Replies

Username change in LDAP but has not sync'd with Unity

Go to solution
tiffanydeporter
Level 1
Level 1

‎08-31-2017 06:20 AM - edited ‎03-19-2019 12:45 PM

Hello,

I have a user that the alias (username) in LDAP has changed. In CUCM/end user it has all sync'd with the new username, however, in Unity it is still showing the old username. Unity is supposed to be set up to integrate with LDAP directory. I have confirmed that a sample group is set up to integrate and that is how it is supposed to be. This particular user, has "do not integrate with LDAP". When I try to change it and save it gives me an error (This user cannot be found in the LDAP Directory), which I understand because her old username has changed in LDAP. I know I can manually change all of her information to the new alias/username and make it work, but for troubleshooting purposes, I haven't corrected it yet. If I do import user (grasping at straws), it does import and has the correct extension in there but when I try to save, it will of course give me the error that a mailbox for that extension already exist. Does anyone know how I can make this automatically sync? I've never had this happen before, and as far as I know, it is the only user that it is happening on.

Thanks for any help!

Tiffany

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
christoph.hable
Level 1
Level 1
In response to tiffanydeporter

‎09-01-2017 07:49 AM

If you only changed the alias i think you run into the issue that he won't update your user. Instead the dirsync would like to create a new user with a new mailbox. Since the same mail id is already in use he won't import it.

I think you will see following error message in your dirsync logfiles for your user:
I changed uid on my side from e.g. JohnDoe to JohnDoe2 and kept everything else the same.

2017-09-01 16:40:17,146 ERROR [DirSync-DBInterface] common.DSDBInterface (DSDBInterface.java:577) - DSDBInterface.updateUserInfo java.sql.SQLException: 19190
MESSAGE 19190
com.informix.jdbc.IfxSqli.a(IfxSqli.java:3125)
com.informix.jdbc.IfxSqli.E(IfxSqli.java:3407)
com.informix.jdbc.IfxSqli.dispatchMsg(IfxSqli.java:2324)
com.informix.jdbc.IfxSqli.receiveMessage(IfxSqli.java:2249)
com.informix.jdbc.IfxSqli.executeCommand(IfxSqli.java:838)
com.informix.jdbc.IfxResultSet.b(IfxResultSet.java:304)
com.informix.jdbc.IfxStatement.c(IfxStatement.java:1283)
com.informix.jdbc.IfxPreparedStatement.executeUpdate(IfxPreparedStatement.java:421)
com.cisco.ccm.dir.dirsync.common.DSDBInterface.insert(DSDBInterface.java:1179)
com.cisco.ccm.dir.dirsync.common.DSDBInterface.updateUserInfo(DSDBInterface.java:561)
com.cisco.ccm.dir.dirsync.common.DSDBInterface.messageReceived(DSDBInterface.java:136)
com.cisco.ccm.dir.dirsync.util.MessageThread.deliver(MessageThread.java:393)
com.cisco.ccm.dir.dirsync.util.MessageThread.deliverAll(MessageThread.java:366)
com.cisco.ccm.dir.dirsync.util.MessageThread.run(MessageThread.java:303)

2017-09-01 16:40:17,146 ERROR [DirSync-DBInterface] common.DSDBInterface (DSDBInterface.java:581) - DSDBInterface.updateUserInfo dbErrorNumber=19190
2017-09-01 16:40:17,147 ERROR [DirSync-DBInterface] common.DSDBInterface (DSDBInterface.java:593) - DSDBInterface.updateUserInfo For User :JohnDoe2 DB ERROR: MailID entered for EndUser already exists.
2017-09-01 16:40:17,714 INFO [DSLDAPSyncImpl(9a2afa99-215c-34e9-8efe-013e333be151)] common.DSDBInterface (DSDBInterface.java:1686) - DSDBInterface.setUserInactive Found 0 users in database needing update

IMHO you would need to use the Alias and Extension Update Tool if you need to change the alias for many users in a bulk way http://www.ciscounitytools.com/Applications/CxN/AliasAndExtensionUpdate/AliasAndExtensionUpdate.html

Since the alias is the primary identifier and mail id has to be unique there is no other option for this scenario.

BR,
Chris

View solution in original post

11 Replies 11

Go to solution
Brandon Buffin
VIP Alumni
VIP Alumni

‎08-31-2017 08:11 AM

I don't think this will sync automatically. Unity is matching the user ID to sAMAccountName in LDAP. Since this has now changed there is no way for Unity to know which account to synchronize with.

 

Brandon

0 Helpful

Go to solution
christoph.hable
Level 1
Level 1

‎09-01-2017 06:41 AM

Hi Tiffany,

which LDAP attribute are you using for the alias mapping? It has to fit to the alias you are using on the local user which is not integrated so far.
Following attributes are possible for alias mapping:
samAccountName,mail,employeeNumber,telephoneNumber or userPrincipleName ?

Please also check if you successfully synchronised your Active Directory under system settings > ldap > ldap directory configuration (I hope you are using Unity Connection and not Unity anymore? :) )

Have a look in the Unity Design Guide, especially the LDAP Integration Chapter explains a lot:

https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/connection/10x/design/guide/10xcucdgx/10xcucdg040.html#pgfId-1086367

BR,
Chris
0 Helpful

Go to solution
tiffanydeporter
Level 1
Level 1
In response to christoph.hable

‎09-01-2017 07:09 AM

Hi Chris,

I am using the samAccountName attribute to map. I've added a screen shot. I am using Unity Connection. I've manually performed a full sync and since then it sync's every night at 12am. Is there a way to verify that it has successfully sync'd? I see where it says the schedule but nothing to tell me that it did successfully sync this morning at 12am. I will take a look at the link! Thank you!

 

 

 

ldap sync.JPG

 

 

 

0 Helpful

Go to solution
christoph.hable
Level 1
Level 1
In response to tiffanydeporter

‎09-01-2017 07:34 AM

In the GUI you will only notice successful sync if the changes are visible in the Users > Import Users: Find End Users in [LDAP Directory] and search for a specific alias for import.

 

To verify successful synchronisation connect to the CLI (ssh session) and check the logfiles of the directory sync service.

 

Let me show you an example:

 

admin:file list activelog cm/trace/dirsync/log4j/ det dat
28 Jul,2017 21:02:50            0  DirSyncThreadDump.log
08 Aug,2017 10:02:59    1,048,791  dirsync00001.log
19 Aug,2017 03:03:02    1,048,698  dirsync00002.log
29 Aug,2017 22:00:21    1,048,674  dirsync00003.log
29 Aug,2017 22:00:21           36  dirsync.bin
01 Sep,2017 16:27:45      286,829  dirsync00004.log
dir count = 0, file count = 6
admin:file tail activelog cm/trace/dirsync/log4j/dirsync00004.log

.......

2017-09-01 16:27:25,011 INFO  [DSLDAPSyncImpl(9a2afa99-215c-34e9-8efe-013e333be151)] ldapplugable.DSLDAPSyncImpl (DSLDAPSyncImpl.java:451) - LDAPSync(9a2afa99-215c-34e9-8efe-013e333be151)[Run] Successfully completed full sync

 

If there are issues with the sync it should even create dedicated error logfiles in the same directory. You can also collect them via RTMT (service is called Cisco DirSync).

 

BR,

Chris

Go to solution
tiffanydeporter
Level 1
Level 1
In response to christoph.hable

‎09-01-2017 07:34 AM

Here is also the screen shot of LDAP>LDAP setup in Unity:

Unity LDAP attribute.JPG

 

 

 

0 Helpful

Go to solution
christoph.hable
Level 1
Level 1
In response to tiffanydeporter

‎09-01-2017 07:49 AM

If you only changed the alias i think you run into the issue that he won't update your user. Instead the dirsync would like to create a new user with a new mailbox. Since the same mail id is already in use he won't import it.

I think you will see following error message in your dirsync logfiles for your user:
I changed uid on my side from e.g. JohnDoe to JohnDoe2 and kept everything else the same.

2017-09-01 16:40:17,146 ERROR [DirSync-DBInterface] common.DSDBInterface (DSDBInterface.java:577) - DSDBInterface.updateUserInfo java.sql.SQLException: 19190
MESSAGE 19190
com.informix.jdbc.IfxSqli.a(IfxSqli.java:3125)
com.informix.jdbc.IfxSqli.E(IfxSqli.java:3407)
com.informix.jdbc.IfxSqli.dispatchMsg(IfxSqli.java:2324)
com.informix.jdbc.IfxSqli.receiveMessage(IfxSqli.java:2249)
com.informix.jdbc.IfxSqli.executeCommand(IfxSqli.java:838)
com.informix.jdbc.IfxResultSet.b(IfxResultSet.java:304)
com.informix.jdbc.IfxStatement.c(IfxStatement.java:1283)
com.informix.jdbc.IfxPreparedStatement.executeUpdate(IfxPreparedStatement.java:421)
com.cisco.ccm.dir.dirsync.common.DSDBInterface.insert(DSDBInterface.java:1179)
com.cisco.ccm.dir.dirsync.common.DSDBInterface.updateUserInfo(DSDBInterface.java:561)
com.cisco.ccm.dir.dirsync.common.DSDBInterface.messageReceived(DSDBInterface.java:136)
com.cisco.ccm.dir.dirsync.util.MessageThread.deliver(MessageThread.java:393)
com.cisco.ccm.dir.dirsync.util.MessageThread.deliverAll(MessageThread.java:366)
com.cisco.ccm.dir.dirsync.util.MessageThread.run(MessageThread.java:303)

2017-09-01 16:40:17,146 ERROR [DirSync-DBInterface] common.DSDBInterface (DSDBInterface.java:581) - DSDBInterface.updateUserInfo dbErrorNumber=19190
2017-09-01 16:40:17,147 ERROR [DirSync-DBInterface] common.DSDBInterface (DSDBInterface.java:593) - DSDBInterface.updateUserInfo For User :JohnDoe2 DB ERROR: MailID entered for EndUser already exists.
2017-09-01 16:40:17,714 INFO [DSLDAPSyncImpl(9a2afa99-215c-34e9-8efe-013e333be151)] common.DSDBInterface (DSDBInterface.java:1686) - DSDBInterface.setUserInactive Found 0 users in database needing update

IMHO you would need to use the Alias and Extension Update Tool if you need to change the alias for many users in a bulk way http://www.ciscounitytools.com/Applications/CxN/AliasAndExtensionUpdate/AliasAndExtensionUpdate.html

Since the alias is the primary identifier and mail id has to be unique there is no other option for this scenario.

BR,
Chris

Go to solution
tiffanydeporter
Level 1
Level 1
In response to christoph.hable

‎09-01-2017 08:58 AM

I am definitely getting an error when trying to sync:

admin:file list activelog cm/trace/dirsync/log4j
DirSyncThreadDump.log                   dirsync.bin
dirsync00001.log                        dirsync00002.log
dirsync00003.log                        dirsync00004.log
dirsync00005.log                        dirsync00006.log
dirsync00007.log                        dirsync00008.log
dirsync00009.log                        dirsync00010.log
dirsync_err.bin                         dirsync_err00001.log
dirsync_err00002.log                    dirsync_err00003.log
dirsync_err00004.log                    dirsync_err00005.log
dirsync_err00006.log                    dirsync_err00007.log
dirsync_err00008.log                    dirsync_err00009.log
dirsync_err00010.log                    dirsync_err00011.log
dirsync_err00012.log                    dirsync_err00013.log
dirsync_err00014.log
dir count = 0, file count = 27
admin:

 

When I try to view the error log, I get the following:

admin:file list activelog cm/trace/dirsync/log4j/dirsync_err00014.log det
01 Sep,2017 00:00:14       51,573  dirsync_err00014.log

 

but I don't see all of the information that you do. But yes, that is exactly what happens, I can import the user with the new username but obviously it gives me an error that it already exists on another user. I guess why I am confused is this has worked for years automatically and now it doesn't and nothing has changed.

0 Helpful

Go to solution
christoph.hable
Level 1
Level 1
In response to tiffanydeporter

‎09-01-2017 10:10 AM

Hi!

There are different parameters available - you have to use "view"instead of "list", then you should receive an output.
file view activelog cm/trace/dirsync/log4j/dirsync_err00014.log
The behavior changed with UCM 10.x that mail id has to be unique for each user. Since Unity Connection is using the same Directory Sync process (which results in above cm trace path) it would explain you the issue but verify it by reading the log files.
BR,
Christoph

Go to solution
tiffanydeporter
Level 1
Level 1
In response to christoph.hable

‎09-01-2017 11:34 AM

Thank you for the CLI commands! So the log files do show the errors:

 

2017-08-30 00:00:00,588 ERROR [DirSync-DBInterface] common.DSDBInterface (DSDBInterface.java:530) - DSDBInterface.updateUserInfo LDAP data discarded: Missing LDAP attribute: Attribute Count=4 AgreementId=5393c365-ed11-afb2-41a2-b770285f9284
[userid, firstname, uniqueidentifier, discoveryuseridentity]
2017-08-30 00:00:00,647 ERROR [DirSync-DBInterface] common.DSDBInterface (DSDBInterface.java:530) - DSDBInterface.updateUserInfo LDAP data discarded: Missing LDAP attribute: Attribute Count=4 AgreementId=5393c365-ed11-afb2-41a2-b770285f9284

 

All of your help and information has been very helpful!! I am going to check with our system admin to get some additional info about the exchange server. You're assistance has been much appreciated!
[userid, firstname, uniqueidentifier, discoveryuseridentity]

0 Helpful

Go to solution
lucasmarcel
Level 1
Level 1
In response to christoph.hable

‎03-22-2018 03:36 PM

Thanks a lot for mentioning the Alias and Extension Update Tool. Used it for the first time today and it worked perfectly.
0 Helpful

Go to solution
twedell
Level 1
Level 1

‎04-07-2021 02:00 PM

Just in case anyone comes across this thread and is a little unclear about the possibility of changing a username and reintegrating with LDAP like I was, yes, it is possible and what's more, it's easy!

 

Use the tool linked in christoph.hable's post to log into your unity box, search and export a csv file of the user in question, edit it as needed, and use the tool to upload your updated csv file. The end result will be a mailbox with an updated user ID. You can then move the "Integrate with LDAP" radio button and save successfully. No need to delete the mailbox and make the user re-record their greeting; no lost voicemails either! Great post!

0 Helpful
li.common.scroll-to.top