cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Walkthrough Wednesdays
1432
Views
0
Helpful
3
Replies
pedram
Beginner

Disabling a user in Active directory (LDAP integeration on Unity connection ) does not lead to disable voice mail in Unity

Customer and I expected when we disable an account in AD it disable Voice mail in Unity connection too so we should not be able to hear or leave a VM. The sync with AD happens every night at midnight (attached file)

2.AD account disabled 2:15pm on Jan 14 2016, tried to leave message and login to VM – Still working
3.  confirmed AD sync happens at midnight everyday
4. Jan 15 2016 morning before AD account reactive, I still able to login to VM to listen message and still able to leave message to my VM
5. On Unity, I can see the sync is working and status show user has been deleted form LDAP and Inactive, see screen shot below (checked attached file)


Why disabling an account from AD does not disable the VM which is integrated to LDAP.

1 ACCEPTED SOLUTION

Accepted Solutions
Rob Huffman
Hall of Fame Community Legend

Hi there,

I believe what you are seeing is the expected behavior (see note below);

When the LDAP user account for a Connection user is disabled or deleted, or if an LDAP directory configuration is deleted from the Connection system, the following occurs:

1. Initially, when Connection users try to sign in to a Connection web application, LDAP authentication fails because Connection is still trying to authenticate against the LDAP directory.

If you have multiple LDAP directory configurations accessing multiple LDAP user search bases, and if only one configuration was deleted, only the users in the associated user search base are affected. Users in other user search bases are still able to sign in to Connection web applications.

2. At the first scheduled synchronization, users are marked as “LDAP inactive” in Connection.

Attempts to sign in to Connection web applications continue to fail.

3. At the next scheduled synchronization that occurs at least 24 hours after users are marked as “LDAP inactive,” all Connection users whose accounts were associated with LDAP accounts are converted to Connection standalone users.

For each Connection user, the password for Connection web applications and for IMAP email access to Connection voice messages becomes the password that was stored in the Connection database when the user account was created. (This is usually the password in the user template that was used to create the user.) Connection users do not know this password, so an administrator must reset it.

The numeric password (PIN) for the telephone user interface and the voice user interface remains unchanged.

From;

http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/connection/8x/design/guide/8xcucdgx/8xcucdg040.html

Cheers!

Rob

View solution in original post

3 REPLIES 3
Rob Huffman
Hall of Fame Community Legend

Hi there,

I believe what you are seeing is the expected behavior (see note below);

When the LDAP user account for a Connection user is disabled or deleted, or if an LDAP directory configuration is deleted from the Connection system, the following occurs:

1. Initially, when Connection users try to sign in to a Connection web application, LDAP authentication fails because Connection is still trying to authenticate against the LDAP directory.

If you have multiple LDAP directory configurations accessing multiple LDAP user search bases, and if only one configuration was deleted, only the users in the associated user search base are affected. Users in other user search bases are still able to sign in to Connection web applications.

2. At the first scheduled synchronization, users are marked as “LDAP inactive” in Connection.

Attempts to sign in to Connection web applications continue to fail.

3. At the next scheduled synchronization that occurs at least 24 hours after users are marked as “LDAP inactive,” all Connection users whose accounts were associated with LDAP accounts are converted to Connection standalone users.

For each Connection user, the password for Connection web applications and for IMAP email access to Connection voice messages becomes the password that was stored in the Connection database when the user account was created. (This is usually the password in the user template that was used to create the user.) Connection users do not know this password, so an administrator must reset it.

The numeric password (PIN) for the telephone user interface and the voice user interface remains unchanged.

From;

http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/connection/8x/design/guide/8xcucdgx/8xcucdg040.html

Cheers!

Rob

View solution in original post

Thanks for the information however my question is about voice mail.

so if I am not wrong .It take another 24 hour for user to notice he/she can not log in to the voice mail and nobody can leave a voice mail.

In other word as the sync happens ad midnight ,it take 24 hours to see the "LDAP inactive' and it takes another 24 hours to disable his/her voice mail.

Am I right? 

pedram
Beginner

After disabling the user in AD or locking the user in Unity connection :

Anyone could leave a message but the user can not listen to their VM.The requirement is event nobody should be able to leave a message.

Any thought?

Content for Community-Ad

Spotlight Awards 2021