Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1016
Views
5
Helpful
4
Replies

CUCM Third Party AD Proxy

Seifeddine-Tlili
Level 1
Level 1

‎12-18-2018 10:44 AM

Hi

 

Is there a product in the market that can be used as proxy for AD integration

 

This is the scenario :

 

I need to import AD users into This third Party Application, add a tag to these users to differentiate between the business division and import them into CUCM selectively using that Tag (we have 5 clusters and each cluster need to import user with a specific TAG)

 

PS: We dont have Write access to AD, that`s why we need this third party tool to import the users, change what needs to be changed and export them to CUCM again (as directory)

 

Any ideas or experience with this ?

 

Thanks

0 Helpful
4 Replies 4

Jonathan Schulenberg
Hall of Fame
Hall of Fame

‎12-19-2018 05:19 PM

In modern versions Cisco will technically support any LDAPv3 server:
https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/admin/11_5_1/sysConfig/CUCM_BK_SE5DAF88_00_cucm-system-configuration-guide-1151/CUCM_BK_SE5DAF88_00_cucm-system-configuration-guide-1151_chapter_0100101.html#CUCM_TP_LC99B642_00

The main gotcha to be aware of is that with Active Directory only, CUCM also copies the ObjectGUID, allowing the username to be changed without losing association of the End User config. With everything else (eg OpenLDAP) it doesn’t do this; changing a username looks like the deletion of the old user and the creation of a new unrelated user.

The safest bet is to look into AD LDS and see if that can meet your needs.

Seifeddine-Tlili
Level 1
Level 1
In response to Jonathan Schulenberg

‎01-29-2019 10:23 AM

Hi Jonathan

I think i didnt explain the requirement correctly , we are looking for a third party LDAP server that will connect to our AD and CUCM can use that for authentication and pull out users so that we can manipulate user Attribute in the Third party LDAP tool so we dont have to write on AD.

 

I saw some product like starfish but looking for something that also can proxy the authentication .

0 Helpful

Jonathan Schulenberg
Hall of Fame
Hall of Fame
In response to Seifeddine-Tlili

‎01-29-2019 03:21 PM

Microsoft AD LDS is the only thing I'm aware of that could potentially do that.
0 Helpful

Ryan Huff
Level 4
Level 4
In response to Seifeddine-Tlili

‎01-31-2019 12:20 PM - edited ‎01-31-2019 12:22 PM

So if I understand you correctly, you want to essentially export user profiles from the AD environment that you only have READ access to, massage some data element in the export, then have CUCM be able to import the "massaged" AD profiles?

If I'm close, you might find it easier to use Power Shell to export (READ) the AD profiles to CSV and massage that data into appropriate CCM End User accounts on a Bulk Administration Tool User import into CCM and create the users as locally managed end user accounts.

You may find that maintaining CCM End Users as LDAP managed accounts, under your requirements, may present challenges with LDAP authentication, if you are attempting to manipulate the samAccountName attribute away from what it originally is in the actual Active Directory structure.

Hope this helps,

Ryan

(: ... please rate helpful posts ... :)

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents