[cisco-voip] LDAP filter for CUCM 6

Ryan West rwest at zyedge.com
Wed Jun 4 11:22:53 EDT 2008 

Jan,

Just to summarize some of the steps that I went through before:


1)      I wanted to provide a full 10 digit number for windows mobile devices that are using a corporate directory or other services needing the full 10 digit

2)      I wanted to sync based on the presence of the IP Phone field and I wanted that to used for the primary extension and corporate directory on the phones
To accomplish this was a two-fold project.  I needed to write a vb script to pull the last digits from each existing phone number in AD, you can always manually move the phone numbers as well.  I then needed to use the axltoolkit to update from the original LDAP matching structure to a new match that looks for active users with the presence of the IP phone field.

Here is the AXL SQL update that I am using currently, it was tested within the week.

<?xml version="1.0" encoding="UTF-8"?>
<!--DTD generated by XMLSPY v5 rel. 4 U (http://www.xmlspy.com)-->
<!DOCTYPE data [
                <!ELEMENT data (sql+)>
                <!ELEMENT sql EMPTY>
                <!ATTLIST sql
                query CDATA #IMPLIED
                                update CDATA #IMPLIED
>
]>
<data>
                <sql update="update ldapfilter set filter ='(&amp;(objectclass=user)(!(objectclass=Computer))(!(UserAccountControl:1.2.840.113556.1.4.803:=2))(|(ipPhone=1*)(ipPhone=2*)(ipPhone=3*)(ipPhone=4*)(ipPhone=5*)(ipPhone=6*)(ipPhone=7*)(ipPhone=8*)(ipPhone=9*)(ipPhone=0*)))' where tkldapserver=1"/>
                <sql query="select * from ldapfilter where tkldapserver=1"/>
</data>

I recommend running the sql query first so you can see what the default CM install comes with and have something to backup to in case of any issues.  Remember that you'll need to start and stop dirsvcs for the cache to update.  (Thanks to Andrew Short for that tip and the IpPhone OR statement above).

If you're still hitting the wall on the vb script, let me know and I can repost that as well.

-ryan

From: cisco-voip-bounces at puck.nether.net [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Pattishall, Jan
Sent: Wednesday, June 04, 2008 11:10 AM
To: cisco-voip at puck.nether.net
Subject: [cisco-voip] LDAP filter for CUCM 6

Hello

I am running into an issue discussed prior in which someone was attempting to filter out certain users from the directory by referencing the presence or absence of a certain field. (like CiscoPrivateUser used to do).

I am running into the same issue with CUCM6 and Edirectory 8 and was hoping for some assistance in implementing the LDAP filter.

Any help would be greatly appreciated.


Cordially,
Jan Pattishall
Senior Voice and Infrastructure Engineer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20080604/a9267308/attachment-0001.html>

More information about the cisco-voip mailing list