cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6411
Views
25
Helpful
9
Replies

Users in AD Security Groups via LDAP Directory

Laura_Morales
Level 1
Level 1

I am using a  CUCM version 11 and I configured the LDAP User Search Base to point to a security group in LDAP Directory. The thing is that I can´t see the end users that belongs to that security group... the sync is completed but not correct. I tested with the "Users only" and the "Users and groups" synchronization options and no filters in order to bring all what is in there. The users are in another folder in AD of course... So I want to make sure this users can be imported using this method.

Is possible to bring the users that belongs to a security group in AD?
If yes: What synchronization option should I use?
           What aspects should I have to take care of in order to accomplish this?

9 Replies 9

Jaime Valencia
Cisco Employee
Cisco Employee

Pretty sure that won't work, you need to point directly to the OU/CN where the users are for this to work.

HTH

java

if this helps, please rate

Jaime,

That means that the LDAP group sync is just for contacts only? Can´t I see as end users the users in LDAP Directory that search in a security group?

The default filter is only meant to bring users

(&(objectclass=user)(!(objectclass=Computer))(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))

But you need to point to an OU/CN

HTH

java

if this helps, please rate

Yes of course if I point to OU I can bring the users without any issue.... the thing is that I can´t bring the users on a CN as a security group.... Any idea?

The system is not meant to do that, what you're trying to do, it just won't work.

The config can only use either an OU, or a CN, not a security group.

HTH

java

if this helps, please rate

Ok I just could bring the users from a security group into CUCM. On LDAP search I pointed to a container in AD and use the synchronization "Users and groups" and in the filter for USERS I create one like this:

(&(objectCategory=user)(memberOf=CN=SecurityGroupName,OU=abc,DC=def,DC=com))

Interesting, all of the information I found pointed to this not being possible, I stand corrected, is everything working fine?

HTH

java

if this helps, please rate

I just saw this notification. Yes, it worked fine at that moment. We needed to remove that configuration due our environment changed but it worked fine.

Hello Laura, I´m trying to do the same issue, did it work for you??  Can you explain the details how you did it??

 

Regards,