I have over 400 existing End Users configured in CUCM 8.5. I want to add LDAP Authentication and Synchronization.
After I add the LDAP configuration and perform a sync and assuming the End User accounts are found in LDAP, will the existing Device Association (Controlled Devices) be retained or will I need to re-associate end users to their devices?
All existing device associations will be retained. The only thing that changes with matching End User accounts are the fields that are provided via LDAP (ie first name, last name, department, email address etc), everything else about that account will be exactly as it was before you turned on LDAP.
Ok. I was worried because when I go in to create a new LDAP integration it warns me that all existing CUCM users not in LDAP will be deleted.
That raises another question. If I find that some users aren't in LDAP, are they deleted right away, or do I have a few hours or days to "fix" LDAP and rescyn in CallManager?
Thanks for the reply.
Yes, you get some time to fix the issue. When you list your End Users, there will be an extra column called LDAP Sync Status. Matching accounts will be listed as 'Active', whilst non-matching accounts will be marked as 'Inactive'.
They won't actually be removed until the second night, I'm not sure of the exact timing, but basically I've always found that on the day it goes inactive, I then have the rest of that day, and the following day to resolve the problem.