[cisco-voip] R: UserID when syncing via ldap.. Removing certain characters?

Ryan Ratliff rratliff at cisco.com
Wed Apr 9 09:17:12 EDT 2008


The password is not sync'd, but you can configure LDAP Authentication  
which will pass off all authentication to AD.  I believe CM will  
store a hash of the password locally but not the actual password itself.

-Ryan

On Apr 9, 2008, at 5:52 AM, Alessandro Bertacco wrote:

Hi everyone. About LDAP Sync, i sit possible to sync AD user password  
too? Or password must be set independently on the CUCM?

Thank you very much.

Alessandro Bertacco

Da: cisco-voip-bounces at puck.nether.net [mailto:cisco-voip- 
bounces at puck.nether.net] Per conto di Ryan Ratliff
Inviato: lunedì 7 aprile 2008 15.25
A: Ryan West
Cc: cisco-voip at puck.nether.net
Oggetto: Re: [cisco-voip] UserID when syncing via ldap.. Removing  
certain characters?

When you delete the ldap integration it doesn't just delete the  
users, it marks them as inactive.   When you recreate the integration  
it will re-sync the users and mark them active again.  There is a  
cleanup agent that runs around 3AM I believe that is responsible for  
deleting inactive users from the database.

-Ryan

On Apr 4, 2008, at 6:09 PM, Ryan West wrote:


Mark,

There is no way, that I can see, to change the LDAP directory  
integration fields without deleting the old ones and recreating  
them.  Even then, there are only three fields that can be  
manipulated.  Those are the TN and Middle name fields.  As for the  
deletion of users, I believe that is a batched job that occurs after  
a set period of time, something like a day.  So it won't just delete  
all your users immediately.  I have tested the device association  
part a couple of times internally and have not lost any device  
associtations, so I think you're okay there.

I verified in the admin guide for 6.0 (1) that those options exist.   
I'm sure the timeout value for the deletion cycle is listed there as  
well.  Since you went through the trouble of doing LDAP  
synchronization, why not just authenticate your users against it  
too?  Assuming your managing the AD and phone system, it's one less  
password to manage at the end of the day.

-ryan

From: cisco-voip-bounces at puck.nether.net [mailto:cisco-voip- 
bounces at puck.nether.net] On Behalf Of MILLS, Mark
Sent: Friday, April 04, 2008 5:56 PM
To: Ryan Ratliff
Cc: cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] UserID when syncing via ldap.. Removing  
certain characters?


Hi,

I actually thought of that, but it seems I would need to delete the  
current ldap directory intergration, and configure a new  
intergration, as you cant just change the field.  I am also not sure  
if its possible with CM6.0.1, as I couldnt see ipPhone as an ldap  
attribute option in my CM 6.0.1 system?

If I do this all the current end users will be deleted. When it syncs  
again and the users are imported using the different ldap attribute,  
will CM be smart enough to recognise the users and keep the same  
settings, or will they need their device profiles and passwords etc  
reconfigured?

Thanks,
   Mark



-----Original Message-----
From: Ryan Ratliff [mailto:rratliff at cisco.com]
Sent: Sat 4/5/2008 12:07 AM
To: MILLS, Mark
Cc: cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] UserID when syncing via ldap.. Removing  
certain characters?

Not that I'm aware of.  Would it be possible to populate the IPPhone
attribute for your users with the number you wish CM to use and then
map that attribute instead of telephoneNumber?

-Ryan

On Apr 4, 2008, at 1:07 AM, MILLS, Mark wrote:

Hi,

We are doing Active Directory syncing for CallManager 6 users.

We use the telephoneNumber ldap attribute to map to the User ID field in
CCM, but in AD want to use the full international format such as
"+61(0)884807702" for numbers.

This is obviously a bit horrible for users to enter via their phone, is
there any way possible that we can have it selectively strip out the
+61(0) part of the number when creating the synced User ID's???   Ie, so
the login for the above number would actually be 884807702 ?

I have had a hunt around, and cant seem to find anything about doing
this, so I am assuming its not possible?  :(

Thanks,
     Mark
"Warning:
The information contained in this email and any attached files is
confidential to BAE Systems Australia. If you are not the intended
recipient, any use, disclosure or copying of this email or any
attachments is expressly prohibited.  If you have received this email
in error, please notify us immediately. VIRUS: Every care has been
taken to ensure this email and its attachments are virus free,
however, any loss or damage incurred in using this email is not the
sender's responsibility.  It is your responsibility to ensure virus
checks are completed before installing any data sent in this email to
your computer."


_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip



"Warning:
The information contained in this email and any attached files is
confidential to BAE Systems Australia. If you are not the intended
recipient, any use, disclosure or copying of this email or any
attachments is expressly prohibited.  If you have received this email
in error, please notify us immediately. VIRUS: Every care has been
taken to ensure this email and its attachments are virus free,
however, any loss or damage incurred in using this email is not the
sender's responsibility.  It is your responsibility to ensure virus
checks are completed before installing any data sent in this email to
your computer."



-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://puck.nether.net/pipermail/cisco-voip/attachments/20080409/93c22211/attachment.html 


More information about the cisco-voip mailing list