cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2494
Views
20
Helpful
10
Replies
Highlighted
Beginner

Username change in LDAP but has not sync'd with Unity

Hello,

I have a user that the alias (username) in LDAP has changed. In CUCM/end user it has all sync'd with the new username, however, in Unity it is still showing the old username. Unity is supposed to be set up to integrate with LDAP directory. I have confirmed that a sample group is set up to integrate and that is how it is supposed to be. This particular user, has "do not integrate with LDAP". When I try to change it and save it gives me an error (This user cannot be found in the LDAP Directory), which I understand because her old username has changed in LDAP. I know I can manually change all of her information to the new alias/username and make it work, but for troubleshooting purposes, I haven't corrected it yet. If I do import user (grasping at straws), it does import and has the correct extension in there but when I try to save, it will of course give me the error that a mailbox for that extension already exist. Does anyone know how I can make this automatically sync? I've never had this happen before, and as far as I know, it is the only user that it is happening on.

Thanks for any help!

Tiffany

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Re: Username change in LDAP but has not sync'd with Unity

If you only changed the alias i think you run into the issue that he won't update your user. Instead the dirsync would like to create a new user with a new mailbox. Since the same mail id is already in use he won't import it.

I think you will see following error message in your dirsync logfiles for your user:
I changed uid on my side from e.g. JohnDoe to JohnDoe2 and kept everything else the same.

2017-09-01 16:40:17,146 ERROR [DirSync-DBInterface] common.DSDBInterface (DSDBInterface.java:577) - DSDBInterface.updateUserInfo java.sql.SQLException: 19190
MESSAGE 19190
com.informix.jdbc.IfxSqli.a(IfxSqli.java:3125)
com.informix.jdbc.IfxSqli.E(IfxSqli.java:3407)
com.informix.jdbc.IfxSqli.dispatchMsg(IfxSqli.java:2324)
com.informix.jdbc.IfxSqli.receiveMessage(IfxSqli.java:2249)
com.informix.jdbc.IfxSqli.executeCommand(IfxSqli.java:838)
com.informix.jdbc.IfxResultSet.b(IfxResultSet.java:304)
com.informix.jdbc.IfxStatement.c(IfxStatement.java:1283)
com.informix.jdbc.IfxPreparedStatement.executeUpdate(IfxPreparedStatement.java:421)
com.cisco.ccm.dir.dirsync.common.DSDBInterface.insert(DSDBInterface.java:1179)
com.cisco.ccm.dir.dirsync.common.DSDBInterface.updateUserInfo(DSDBInterface.java:561)
com.cisco.ccm.dir.dirsync.common.DSDBInterface.messageReceived(DSDBInterface.java:136)
com.cisco.ccm.dir.dirsync.util.MessageThread.deliver(MessageThread.java:393)
com.cisco.ccm.dir.dirsync.util.MessageThread.deliverAll(MessageThread.java:366)
com.cisco.ccm.dir.dirsync.util.MessageThread.run(MessageThread.java:303)

2017-09-01 16:40:17,146 ERROR [DirSync-DBInterface] common.DSDBInterface (DSDBInterface.java:581) - DSDBInterface.updateUserInfo dbErrorNumber=19190
2017-09-01 16:40:17,147 ERROR [DirSync-DBInterface] common.DSDBInterface (DSDBInterface.java:593) - DSDBInterface.updateUserInfo For User :JohnDoe2 DB ERROR: MailID entered for EndUser already exists.
2017-09-01 16:40:17,714 INFO [DSLDAPSyncImpl(9a2afa99-215c-34e9-8efe-013e333be151)] common.DSDBInterface (DSDBInterface.java:1686) - DSDBInterface.setUserInactive Found 0 users in database needing update

IMHO you would need to use the Alias and Extension Update Tool if you need to change the alias for many users in a bulk way http://www.ciscounitytools.com/Applications/CxN/AliasAndExtensionUpdate/AliasAndExtensionUpdate.html

Since the alias is the primary identifier and mail id has to be unique there is no other option for this scenario.

BR,
Chris

View solution in original post

10 REPLIES 10
Highlighted

Re: Username change in LDAP but has not sync'd with Unity

I don't think this will sync automatically. Unity is matching the user ID to sAMAccountName in LDAP. Since this has now changed there is no way for Unity to know which account to synchronize with.

 

Brandon

Highlighted

Re: Username change in LDAP but has not sync'd with Unity

Hi Tiffany,

which LDAP attribute are you using for the alias mapping? It has to fit to the alias you are using on the local user which is not integrated so far.
Following attributes are possible for alias mapping:
samAccountName,mail,employeeNumber,telephoneNumber or userPrincipleName ?

Please also check if you successfully synchronised your Active Directory under system settings > ldap > ldap directory configuration (I hope you are using Unity Connection and not Unity anymore? :) )

Have a look in the Unity Design Guide, especially the LDAP Integration Chapter explains a lot:

https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/connection/10x/design/guide/10xcucdgx/10xcucdg040.html#pgfId-1086367

BR,
Chris
Highlighted
Beginner

Re: Username change in LDAP but has not sync'd with Unity

Hi Chris,

I am using the samAccountName attribute to map. I've added a screen shot. I am using Unity Connection. I've manually performed a full sync and since then it sync's every night at 12am. Is there a way to verify that it has successfully sync'd? I see where it says the schedule but nothing to tell me that it did successfully sync this morning at 12am. I will take a look at the link! Thank you!

 

 

 

ldap sync.JPG

 

 

 

Highlighted

Re: Username change in LDAP but has not sync'd with Unity

In the GUI you will only notice successful sync if the changes are visible in the Users > Import Users: Find End Users in [LDAP Directory] and search for a specific alias for import.

 

To verify successful synchronisation connect to the CLI (ssh session) and check the logfiles of the directory sync service.

 

Let me show you an example:

 

admin:file list activelog cm/trace/dirsync/log4j/ det dat
28 Jul,2017 21:02:50            0  DirSyncThreadDump.log
08 Aug,2017 10:02:59    1,048,791  dirsync00001.log
19 Aug,2017 03:03:02    1,048,698  dirsync00002.log
29 Aug,2017 22:00:21    1,048,674  dirsync00003.log
29 Aug,2017 22:00:21           36  dirsync.bin
01 Sep,2017 16:27:45      286,829  dirsync00004.log
dir count = 0, file count = 6
admin:file tail activelog cm/trace/dirsync/log4j/dirsync00004.log

.......

2017-09-01 16:27:25,011 INFO  [DSLDAPSyncImpl(9a2afa99-215c-34e9-8efe-013e333be151)] ldapplugable.DSLDAPSyncImpl (DSLDAPSyncImpl.java:451) - LDAPSync(9a2afa99-215c-34e9-8efe-013e333be151)[Run] Successfully completed full sync

 

If there are issues with the sync it should even create dedicated error logfiles in the same directory. You can also collect them via RTMT (service is called Cisco DirSync).

 

BR,

Chris

Highlighted
Beginner

Re: Username change in LDAP but has not sync'd with Unity

Here is also the screen shot of LDAP>LDAP setup in Unity:

Unity LDAP attribute.JPG

 

 

 

Highlighted

Re: Username change in LDAP but has not sync'd with Unity

If you only changed the alias i think you run into the issue that he won't update your user. Instead the dirsync would like to create a new user with a new mailbox. Since the same mail id is already in use he won't import it.

I think you will see following error message in your dirsync logfiles for your user:
I changed uid on my side from e.g. JohnDoe to JohnDoe2 and kept everything else the same.

2017-09-01 16:40:17,146 ERROR [DirSync-DBInterface] common.DSDBInterface (DSDBInterface.java:577) - DSDBInterface.updateUserInfo java.sql.SQLException: 19190
MESSAGE 19190
com.informix.jdbc.IfxSqli.a(IfxSqli.java:3125)
com.informix.jdbc.IfxSqli.E(IfxSqli.java:3407)
com.informix.jdbc.IfxSqli.dispatchMsg(IfxSqli.java:2324)
com.informix.jdbc.IfxSqli.receiveMessage(IfxSqli.java:2249)
com.informix.jdbc.IfxSqli.executeCommand(IfxSqli.java:838)
com.informix.jdbc.IfxResultSet.b(IfxResultSet.java:304)
com.informix.jdbc.IfxStatement.c(IfxStatement.java:1283)
com.informix.jdbc.IfxPreparedStatement.executeUpdate(IfxPreparedStatement.java:421)
com.cisco.ccm.dir.dirsync.common.DSDBInterface.insert(DSDBInterface.java:1179)
com.cisco.ccm.dir.dirsync.common.DSDBInterface.updateUserInfo(DSDBInterface.java:561)
com.cisco.ccm.dir.dirsync.common.DSDBInterface.messageReceived(DSDBInterface.java:136)
com.cisco.ccm.dir.dirsync.util.MessageThread.deliver(MessageThread.java:393)
com.cisco.ccm.dir.dirsync.util.MessageThread.deliverAll(MessageThread.java:366)
com.cisco.ccm.dir.dirsync.util.MessageThread.run(MessageThread.java:303)

2017-09-01 16:40:17,146 ERROR [DirSync-DBInterface] common.DSDBInterface (DSDBInterface.java:581) - DSDBInterface.updateUserInfo dbErrorNumber=19190
2017-09-01 16:40:17,147 ERROR [DirSync-DBInterface] common.DSDBInterface (DSDBInterface.java:593) - DSDBInterface.updateUserInfo For User :JohnDoe2 DB ERROR: MailID entered for EndUser already exists.
2017-09-01 16:40:17,714 INFO [DSLDAPSyncImpl(9a2afa99-215c-34e9-8efe-013e333be151)] common.DSDBInterface (DSDBInterface.java:1686) - DSDBInterface.setUserInactive Found 0 users in database needing update

IMHO you would need to use the Alias and Extension Update Tool if you need to change the alias for many users in a bulk way http://www.ciscounitytools.com/Applications/CxN/AliasAndExtensionUpdate/AliasAndExtensionUpdate.html

Since the alias is the primary identifier and mail id has to be unique there is no other option for this scenario.

BR,
Chris

View solution in original post

Highlighted
Beginner

Re: Username change in LDAP but has not sync'd with Unity

I am definitely getting an error when trying to sync:

admin:file list activelog cm/trace/dirsync/log4j
DirSyncThreadDump.log                   dirsync.bin
dirsync00001.log                        dirsync00002.log
dirsync00003.log                        dirsync00004.log
dirsync00005.log                        dirsync00006.log
dirsync00007.log                        dirsync00008.log
dirsync00009.log                        dirsync00010.log
dirsync_err.bin                         dirsync_err00001.log
dirsync_err00002.log                    dirsync_err00003.log
dirsync_err00004.log                    dirsync_err00005.log
dirsync_err00006.log                    dirsync_err00007.log
dirsync_err00008.log                    dirsync_err00009.log
dirsync_err00010.log                    dirsync_err00011.log
dirsync_err00012.log                    dirsync_err00013.log
dirsync_err00014.log
dir count = 0, file count = 27
admin:

 

When I try to view the error log, I get the following:

admin:file list activelog cm/trace/dirsync/log4j/dirsync_err00014.log det
01 Sep,2017 00:00:14       51,573  dirsync_err00014.log

 

but I don't see all of the information that you do. But yes, that is exactly what happens, I can import the user with the new username but obviously it gives me an error that it already exists on another user. I guess why I am confused is this has worked for years automatically and now it doesn't and nothing has changed.

Highlighted

Re: Username change in LDAP but has not sync'd with Unity

Hi!

There are different parameters available - you have to use "view"instead of "list", then you should receive an output.
file view activelog cm/trace/dirsync/log4j/dirsync_err00014.log
The behavior changed with UCM 10.x that mail id has to be unique for each user. Since Unity Connection is using the same Directory Sync process (which results in above cm trace path) it would explain you the issue but verify it by reading the log files.
BR,
Christoph
Highlighted
Beginner

Re: Username change in LDAP but has not sync'd with Unity

Thank you for the CLI commands! So the log files do show the errors:

 

2017-08-30 00:00:00,588 ERROR [DirSync-DBInterface] common.DSDBInterface (DSDBInterface.java:530) - DSDBInterface.updateUserInfo LDAP data discarded: Missing LDAP attribute: Attribute Count=4 AgreementId=5393c365-ed11-afb2-41a2-b770285f9284
[userid, firstname, uniqueidentifier, discoveryuseridentity]
2017-08-30 00:00:00,647 ERROR [DirSync-DBInterface] common.DSDBInterface (DSDBInterface.java:530) - DSDBInterface.updateUserInfo LDAP data discarded: Missing LDAP attribute: Attribute Count=4 AgreementId=5393c365-ed11-afb2-41a2-b770285f9284

 

All of your help and information has been very helpful!! I am going to check with our system admin to get some additional info about the exchange server. You're assistance has been much appreciated!
[userid, firstname, uniqueidentifier, discoveryuseridentity]

Highlighted
Beginner

Re: Username change in LDAP but has not sync'd with Unity

Thanks a lot for mentioning the Alias and Extension Update Tool. Used it for the first time today and it worked perfectly.