[cisco-voip] hiding AD users in Corp Directory

Pattishall, Jan Jan.Pattishall at synergit.com
Fri Jun 13 17:12:38 EDT 2008 

The only way I have learned to do this is by writing a new filter and applying it to Callmanager using the AXL toolkit.

In our edirectory environment, we did this to only sync users who have something in the ipPhone field.

For LDAP it looks like this:
<?xml version="1.0" encoding="UTF-8"?>
<!--DTD generated by XMLSPY v5 rel. 4 U (http://www.xmlspy.com)-->
<!DOCTYPE data [
                <!ELEMENT data (sql+)>
                <!ELEMENT sql EMPTY>
                <!ATTLIST sql
                query CDATA #IMPLIED
                                update CDATA #IMPLIED
>
]>
<data>
                <sql update="update ldapfilter set filter ='(ipPhone=*)' where tkldapserver=2"/>
                <sql query="select * from ldapfilter where tkldapserver=2"/>
</data>

So for AD it should look like this:
<?xml version="1.0" encoding="UTF-8"?>
<!--DTD generated by XMLSPY v5 rel. 4 U (http://www.xmlspy.com)-->
<!DOCTYPE data [
                <!ELEMENT data (sql+)>
                <!ELEMENT sql EMPTY>
                <!ATTLIST sql
                query CDATA #IMPLIED
                                update CDATA #IMPLIED
>
]>
<data>
                <sql update="update ldapfilter set filter ='(&amp;(objectclass=user)(!(objectclass=Computer))(!(UserAccountControl:1.2.840.113556.1.4.803:=2))(|(ipPhone=*)))' where tkldapserver=1"/>
                <sql query="select * from ldapfilter where tkldapserver=1"/>
</data>


Just be careful when applying it because the readme in the AXL toolkit isn't correct and the syntax should actually be:

java -cp .\classes;.\lib\saaj-api.jar;.\lib\saaj-impl.jar;.\lib\mail.jar;.\lib\activation.jar;.\lib\jaxm-api.jar;.\lib\jaxm-runtime.jar;.\lib\xercesImpl.jar;.\lib\xml-apis.jar AxlSqlToolkit -username=appadmin -password=****** -host=172.31.2.104 -input=ADchange2.xml

From: cisco-voip-bounces at puck.nether.net [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Scott Voll
Sent: Friday, June 13, 2008 2:25 PM
To: Joe Cisco
Cc: cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] hiding AD users in Corp Directory

more of a question then an answer, but could you only sync a particular OU and move the ones you want hinden to a different OU?

Scott
On Fri, Jun 13, 2008 at 10:59 AM, Joe Cisco <smetsysocsic at gmail.com<mailto:smetsysocsic at gmail.com>> wrote:
UC6.1 - LDAP/Active Directory Integrated. I know I've seen how to to this before, but maybe a different version of CM - how can I hide particular AD users that I don't want listed in corporate directory?

Thanks,

Joe C.

_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
https://puck.nether.net/mailman/listinfo/cisco-voip

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20080613/4abec93f/attachment.html>

More information about the cisco-voip mailing list