[cisco-voip] R: R: UserID when syncing via ldap.. Removing certain characters?

Wed Apr 9 10:22:36 EDT 2008

Thank you very much Ryan.
Regards

Alessandro

________________________________

Da: Ryan Ratliff [mailto:rratliff at cisco.com]
Inviato: mer 09/04/2008 15.17
A: alessandro.bertacco at alice.it
Cc: 'Ryan West'; cisco-voip at puck.nether.net
Oggetto: Re: R: [cisco-voip] UserID when syncing via ldap.. Removing certain characters?

The password is not sync'd, but you can configure LDAP Authentication which will pass off all authentication to AD.  I believe CM will store a hash of the password locally but not the actual password itself. 

-Ryan

On Apr 9, 2008, at 5:52 AM, Alessandro Bertacco wrote:

Hi everyone. About LDAP Sync, i sit possible to sync AD user password too? Or password must be set independently on the CUCM?

Thank you very much.

Alessandro Bertacco

Da: cisco-voip-bounces at puck.nether.net [mailto:cisco-voip-bounces at puck.nether.net] Per conto di Ryan Ratliff
Inviato: lunedì 7 aprile 2008 15.25
A: Ryan West
Cc: cisco-voip at puck.nether.net
Oggetto: Re: [cisco-voip] UserID when syncing via ldap.. Removing certain characters?

When you delete the ldap integration it doesn't just delete the users, it marks them as inactive.   When you recreate the integration it will re-sync the users and mark them active again.  There is a cleanup agent that runs around 3AM I believe that is responsible for deleting inactive users from the database.  

-Ryan

On Apr 4, 2008, at 6:09 PM, Ryan West wrote:

Mark,

There is no way, that I can see, to change the LDAP directory integration fields without deleting the old ones and recreating them.  Even then, there are only three fields that can be manipulated.  Those are the TN and Middle name fields.  As for the deletion of users, I believe that is a batched job that occurs after a set period of time, something like a day.  So it won't just delete all your users immediately.  I have tested the device association part a couple of times internally and have not lost any device associtations, so I think you're okay there.

I verified in the admin guide for 6.0 (1) that those options exist.  I'm sure the timeout value for the deletion cycle is listed there as well.  Since you went through the trouble of doing LDAP synchronization, why not just authenticate your users against it too?  Assuming your managing the AD and phone system, it's one less password to manage at the end of the day.

-ryan

From: cisco-voip-bounces at puck.nether.net [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of MILLS, Mark
Sent: Friday, April 04, 2008 5:56 PM
To: Ryan Ratliff
Cc: cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] UserID when syncing via ldap.. Removing certain characters?

Hi,

I actually thought of that, but it seems I would need to delete the current ldap directory intergration, and configure a new intergration, as you cant just change the field.  I am also not sure if its possible with CM6.0.1, as I couldnt see ipPhone as an ldap attribute option in my CM 6.0.1 system?

If I do this all the current end users will be deleted. When it syncs again and the users are imported using the different ldap attribute, will CM be smart enough to recognise the users and keep the same settings, or will they need their device profiles and passwords etc reconfigured?

Thanks,
  Mark

-----Original Message-----
From: Ryan Ratliff [mailto:rratliff at cisco.com]
Sent: Sat 4/5/2008 12:07 AM
To: MILLS, Mark
Cc: cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] UserID when syncing via ldap.. Removing certain characters?

Not that I'm aware of.  Would it be possible to populate the IPPhone 
attribute for your users with the number you wish CM to use and then 
map that attribute instead of telephoneNumber?

-Ryan

On Apr 4, 2008, at 1:07 AM, MILLS, Mark wrote:

Hi,

We are doing Active Directory syncing for CallManager 6 users.

We use the telephoneNumber ldap attribute to map to the User ID field in
CCM, but in AD want to use the full international format such as
"+61(0)884807702" for numbers.

This is obviously a bit horrible for users to enter via their phone, is
there any way possible that we can have it selectively strip out the
+61(0) part of the number when creating the synced User ID's???   Ie, so
the login for the above number would actually be 884807702 ?

I have had a hunt around, and cant seem to find anything about doing
this, so I am assuming its not possible?  :(

Thanks,
    Mark
"Warning:
The information contained in this email and any attached files is
confidential to BAE Systems Australia. If you are not the intended
recipient, any use, disclosure or copying of this email or any
attachments is expressly prohibited.  If you have received this email
in error, please notify us immediately. VIRUS: Every care has been
taken to ensure this email and its attachments are virus free,
however, any loss or damage incurred in using this email is not the
sender's responsibility.  It is your responsibility to ensure virus
checks are completed before installing any data sent in this email to
your computer."

_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip

"Warning:
The information contained in this email and any attached files is
confidential to BAE Systems Australia. If you are not the intended
recipient, any use, disclosure or copying of this email or any
attachments is expressly prohibited.  If you have received this email
in error, please notify us immediately. VIRUS: Every care has been
taken to ensure this email and its attachments are virus free,
however, any loss or damage incurred in using this email is not the
sender's responsibility.  It is your responsibility to ensure virus
checks are completed before installing any data sent in this email to
your computer."

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://puck.nether.net/pipermail/cisco-voip/attachments/20080409/f06a7af8/attachment-0001.html 