09-25-2012 08:00 AM - edited 03-19-2019 05:35 AM
On my client the subscribers base are get from the MS AD with LDAP access.
I have set up one AAA server for Authentication and Synchronization. For each Domain I set up a filter, based on the PhoneNumber prefix, to to only get the subscribers of the correspondent Domain. Each CUCM are synchronized with the same AD, but they get all subscribers in order to be able to implement the complete Phone Book for all domains on each domain.
I understand that the proper synchronization is:
1 - Call Proccessor infra
2 - Call Proccessor subscriber
3 - Domain
My doubt is the LDAP Server synchronization on each domain. At which point on the above sequence should happen the LDAP Synchronization?
Remember that the subscribers get on item 2 are the very same, but contain subscribers from all domains.
Based on this I imagine that the LDAP synchronization should be after item 3.
Additionaly I choosed on the Domain Synchronization Rules for each domain the "AssociateOnlyExistingUsers" to keep only on the domain the proper subscribers.
09-28-2012 03:44 PM
Hi,
I don't think it really matters when you do it. Just make sure this happens before the domain sync.
At the end of the day every sync needs to take place before the domain sync
It's only during the domain sync that you associate the users imported via LDAP sync to services imported via the rest of the sync.
I would do the LDAP sync first though.
HTH,
Christos
10-01-2012 04:51 AM
Hi Christos
I am wondering if the LDAP synchronization is automactically done when we schedule the Domain synchronization using the sync.bat script.
On the User Guide there is the procedure to schedule the LDAP sync or make it mannualy.
I am using the sync.bat script with the "all" parm that runs Infrastucture Processor sync, Subscriber Call Processor sync and Domain sync. As the LDAP sync is inside the Domain I am in doubt if I really need to schedule the LDAP sync as maybe the LDAP sync be done automactically when the Domain sync runs.
What you think about this?
This customer at the end will have 10 Domains. If I follow your advise I will need to schedule the 10 Domain LDAP syncs to run before all other syncs. The LDAP configuration on each Domain has a filter to get only the users pertinent the the correspondent Domain.
Thanks
10-01-2012 06:36 AM
Hi,
You will have to schedule the LDAP sync separately. The domain sync is a procedure during which CUPM does not contact any other application but rather it makes logical associations of all the objects that it gathered during all the syncs (ldap, infrastructure, subscriber etc)
You can schedule the LDAP sync as you correctly said to run before the domain sync for all the domains.
HTH,
Christos
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide