[cisco-voip] CCM & AD (or LDAP) Integration

Marcus Lundbom Marcus.Lundbom at addpro.se
Mon Apr 4 03:05:16 EDT 2005 

See answers below.
 

/M 

 


________________________________

From: cisco-voip-bounces at puck.nether.net
[mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Lelio Fulgenzi
Sent: Sunday, April 03, 2005 10:24 AM
To: cisco-voip at puck.nether.net
Subject: [cisco-voip] CCM & AD (or LDAP) Integration


Just wondering what you get when you integrate either AD or
LDAP/Netscape/Sun directories with CallManager. We're looking at doing
it, but I want to make sure the advantages outweigh any complexity and
or problems that might come up. 
 
For example:

*	Does it give you CCMuser access with synchronized
userid/password with your corporate directory?  

Yes. 

*	What other fields are you able to integrate? Will we still have
to fill out the Call Display field on the DN config page?  

Call Display must still be entered. Basically, what you integrate is the
obvious parts of what you see on the User-page in CCMAdmin. 

*	Are you still able to create local userID/passwords or will we
have to create a ccmadministrator and craadmin account in the corporate
directory?  

The CRAAdmin will be picked from your directory. CCMAdmin is a local
user on the CCM-server (exception of MLA, I'm not quite sure of the
implications of using MLA in such setup), you cannot create local
telephony-related accounts, but of course - it's possible to create
local windows-accounts (i.e. for CCMAdmin) 

*	How do you prevent certain people from accessing the userpages? 

To my knowledge; you don't. I believe it could be possible to restrict
the access in IIS, however, that would most likely require that you also
make the CCM-server a member of the domain, which in turn has several
other disadvantages.
 
It is my strongest recommendation, if you are considering AD-integration
that you do NOT make the server a member of the domain, keep it in a
workgroup instead, it will make your life at lot easier. It is supported
to bring it into the domain, but you will have to remove the server from
the domain everytime you are doing an upgrade and so on, plus it will
make life a living hell if you do not have the proper GPO-planning and
so on.
 
Best regards,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://puck.nether.net/pipermail/cisco-voip/attachments/20050404/7d49e9ab/attachment.html

More information about the cisco-voip mailing list