[cisco-voip] CCM & AD (or LDAP) Integration

Lelio Fulgenzi lelio at uoguelph.ca
Mon Apr 4 09:13:41 EDT 2005


Thanks Marcus!
  ----- Original Message ----- 
  From: Marcus Lundbom 
  To: Lelio Fulgenzi ; cisco-voip at puck.nether.net 
  Sent: Monday, April 04, 2005 3:05 AM
  Subject: RE: [cisco-voip] CCM & AD (or LDAP) Integration


  See answers below.

  /M 





------------------------------------------------------------------------------
  From: cisco-voip-bounces at puck.nether.net [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Lelio Fulgenzi
  Sent: Sunday, April 03, 2005 10:24 AM
  To: cisco-voip at puck.nether.net
  Subject: [cisco-voip] CCM & AD (or LDAP) Integration


  Just wondering what you get when you integrate either AD or LDAP/Netscape/Sun directories with CallManager. We're looking at doing it, but I want to make sure the advantages outweigh any complexity and or problems that might come up. 

  For example:
    a.. Does it give you CCMuser access with synchronized userid/password with your corporate directory?  
  Yes. 
    a.. What other fields are you able to integrate? Will we still have to fill out the Call Display field on the DN config page?  
  Call Display must still be entered. Basically, what you integrate is the obvious parts of what you see on the User-page in CCMAdmin. 
    a.. Are you still able to create local userID/passwords or will we have to create a ccmadministrator and craadmin account in the corporate directory?  
  The CRAAdmin will be picked from your directory. CCMAdmin is a local user on the CCM-server (exception of MLA, I'm not quite sure of the implications of using MLA in such setup), you cannot create local telephony-related accounts, but of course - it's possible to create local windows-accounts (i.e. for CCMAdmin) 
    a.. How do you prevent certain people from accessing the userpages? 
  To my knowledge; you don't. I believe it could be possible to restrict the access in IIS, however, that would most likely require that you also make the CCM-server a member of the domain, which in turn has several other disadvantages.

  It is my strongest recommendation, if you are considering AD-integration that you do NOT make the server a member of the domain, keep it in a workgroup instead, it will make your life at lot easier. It is supported to bring it into the domain, but you will have to remove the server from the domain everytime you are doing an upgrade and so on, plus it will make life a living hell if you do not have the proper GPO-planning and so on.

  Best regards,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://puck.nether.net/pipermail/cisco-voip/attachments/20050404/5ebf9b12/attachment.html


More information about the cisco-voip mailing list