[cisco-voip] R: UserID when syncing via ldap.. Removing certain characters?
Ryan Ratliff
rratliff at cisco.com
Wed Apr 9 09:17:12 EDT 2008
The password is not sync'd, but you can configure LDAP Authentication
which will pass off all authentication to AD. I believe CM will
store a hash of the password locally but not the actual password itself.
-Ryan
On Apr 9, 2008, at 5:52 AM, Alessandro Bertacco wrote:
Hi everyone. About LDAP Sync, i sit possible to sync AD user password
too? Or password must be set independently on the CUCM?
Thank you very much.
Alessandro Bertacco
Da: cisco-voip-bounces at puck.nether.net [mailto:cisco-voip-
bounces at puck.nether.net] Per conto di Ryan Ratliff
Inviato: lunedì 7 aprile 2008 15.25
A: Ryan West
Cc: cisco-voip at puck.nether.net
Oggetto: Re: [cisco-voip] UserID when syncing via ldap.. Removing
certain characters?
When you delete the ldap integration it doesn't just delete the
users, it marks them as inactive. When you recreate the integration
it will re-sync the users and mark them active again. There is a
cleanup agent that runs around 3AM I believe that is responsible for
deleting inactive users from the database.
-Ryan
On Apr 4, 2008, at 6:09 PM, Ryan West wrote:
Mark,
There is no way, that I can see, to change the LDAP directory
integration fields without deleting the old ones and recreating
them. Even then, there are only three fields that can be
manipulated. Those are the TN and Middle name fields. As for the
deletion of users, I believe that is a batched job that occurs after
a set period of time, something like a day. So it won't just delete
all your users immediately. I have tested the device association
part a couple of times internally and have not lost any device
associtations, so I think you're okay there.
I verified in the admin guide for 6.0 (1) that those options exist.
I'm sure the timeout value for the deletion cycle is listed there as
well. Since you went through the trouble of doing LDAP
synchronization, why not just authenticate your users against it
too? Assuming your managing the AD and phone system, it's one less
password to manage at the end of the day.
-ryan
From: cisco-voip-bounces at puck.nether.net [mailto:cisco-voip-
bounces at puck.nether.net] On Behalf Of MILLS, Mark
Sent: Friday, April 04, 2008 5:56 PM
To: Ryan Ratliff
Cc: cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] UserID when syncing via ldap.. Removing
certain characters?
Hi,
I actually thought of that, but it seems I would need to delete the
current ldap directory intergration, and configure a new
intergration, as you cant just change the field. I am also not sure
if its possible with CM6.0.1, as I couldnt see ipPhone as an ldap
attribute option in my CM 6.0.1 system?
If I do this all the current end users will be deleted. When it syncs
again and the users are imported using the different ldap attribute,
will CM be smart enough to recognise the users and keep the same
settings, or will they need their device profiles and passwords etc
reconfigured?
Thanks,
Mark
-----Original Message-----
From: Ryan Ratliff [mailto:rratliff at cisco.com]
Sent: Sat 4/5/2008 12:07 AM
To: MILLS, Mark
Cc: cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] UserID when syncing via ldap.. Removing
certain characters?
Not that I'm aware of. Would it be possible to populate the IPPhone
attribute for your users with the number you wish CM to use and then
map that attribute instead of telephoneNumber?
-Ryan
On Apr 4, 2008, at 1:07 AM, MILLS, Mark wrote:
Hi,
We are doing Active Directory syncing for CallManager 6 users.
We use the telephoneNumber ldap attribute to map to the User ID field in
CCM, but in AD want to use the full international format such as
"+61(0)884807702" for numbers.
This is obviously a bit horrible for users to enter via their phone, is
there any way possible that we can have it selectively strip out the
+61(0) part of the number when creating the synced User ID's??? Ie, so
the login for the above number would actually be 884807702 ?
I have had a hunt around, and cant seem to find anything about doing
this, so I am assuming its not possible? :(
Thanks,
Mark
"Warning:
The information contained in this email and any attached files is
confidential to BAE Systems Australia. If you are not the intended
recipient, any use, disclosure or copying of this email or any
attachments is expressly prohibited. If you have received this email
in error, please notify us immediately. VIRUS: Every care has been
taken to ensure this email and its attachments are virus free,
however, any loss or damage incurred in using this email is not the
sender's responsibility. It is your responsibility to ensure virus
checks are completed before installing any data sent in this email to
your computer."
_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
"Warning:
The information contained in this email and any attached files is
confidential to BAE Systems Australia. If you are not the intended
recipient, any use, disclosure or copying of this email or any
attachments is expressly prohibited. If you have received this email
in error, please notify us immediately. VIRUS: Every care has been
taken to ensure this email and its attachments are virus free,
however, any loss or damage incurred in using this email is not the
sender's responsibility. It is your responsibility to ensure virus
checks are completed before installing any data sent in this email to
your computer."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://puck.nether.net/pipermail/cisco-voip/attachments/20080409/93c22211/attachment.html
More information about the cisco-voip
mailing list