[cisco-voip] CUCM AD integration

Madziarczyk, Jonathan JMad at cityofevanston.org
Thu Apr 29 12:26:35 EDT 2010 

Hey Carl,

Yes, we are using something similar in our implementation.  We have secondary users in AD that are simply the extension number AD user = "1234" (be sure to make the extension the last name and not the first or you'll get issues)

Then we just associate both the normal AD user (jsmith) and the extension AD user (1234) to the phone/profile.  This way the user can log into the phone with their extension number (and the pin for that extension number) and log into the self-service website using their normal network credentials.  The only drawback is that the pins between jsmith and 1234 are different because they are separate accounts (though you could sync them on a case by case basis).

Again, nothing that hasn't been already stated, but just wanted to give you an example of someone who is using it currently the way you're describing.

Jon

-----Original Message-----
From: cisco-voip-bounces at puck.nether.net [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Ryan Ratliff
Sent: Thursday, April 29, 2010 9:01 AM
To: Dennis Heim
Cc: charl.crofton at gmail.com; cisco-voip at puck-nether.net
Subject: Re: [cisco-voip] CUCM AD integration

That would certainly work without impacting all users.

-Ryan

On Apr 29, 2010, at 9:45 AM, Dennis Heim wrote:

> How about adding a 2nd account for all users that samaccountname = extension.
> 
> Dennis Heim
> Network Voice Engineer
> CDW  Advanced Technology Services
> 11711 N. Meridian Street, Suite 225
> Carmel, IN  46032
> 
> 317.569.4255 Office
> 317.569.4201 Fax
> 317.694.6070 Cell
> dennis.heim at cdw.com
> www.berbee.com
> 
> 
> -----Original Message-----
> From: cisco-voip-bounces at puck.nether.net [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Ryan Ratliff
> Sent: Thursday, April 29, 2010 9:43 AM
> To: Ed Leatherman
> Cc: charl.crofton at gmail.com; cisco-voip at puck-nether.net
> Subject: Re: [cisco-voip] CUCM AD integration
> 
> Correct, it's an all or nothing thing.
> 
> What version of CUCM are you running? If you were on 8 you could set up a second cluster (even just one node) and set it's ldap sync to pull in userids with a numeric attribute.  Then when your EM users login with the alphanumeric userid it will check the other cluster, authenticate them, and then log them in.
> 
> -Ryan
> 
> On Apr 29, 2010, at 9:31 AM, Ed Leatherman wrote:
> 
>> This would force his users to log in with extension number everywhere 
>> though, not just on EM right?
>> 
>> On Thu, Apr 29, 2010 at 8:17 AM, Erich Novak <Erich.Novak at nts.at> wrote:
>>> Hi,
>>> 
>>> it is possible, but not via GUI, you can change it in the Database.
>>> 
>>> You need an Active Directory field with the DN of the User (ie. IPPhone) and take care that it is unique in AD.
>>> 
>>> Next you log on to the CUCM CLI via ssh, ->
>>> 
>>> admin:run sql select * from ldapsystemconfig
>>> pkid                                 useridattributename tkldapserver syncenabled
>>> ==================================== =================== ============ ===========
>>> a1cdb5e3-aaf4-4db0-bfa9-b7c872622365 sAMAccountName      1            t
>>> 
>>> 
>>> you can update the useridattributename to anything you want via run sql update...
>>> 
>>> but take care, this also has impact on CUPS etc.
>>> 
>>> brgds
>>> Erich
>>> 
>>> -----Ursprüngliche Nachricht-----
>>> Von: cisco-voip-bounces at puck.nether.net 
>>> [mailto:cisco-voip-bounces at puck.nether.net] Im Auftrag von Ed 
>>> Leatherman
>>> Gesendet: Donnerstag, 29. April 2010 14:01
>>> An: charl.crofton at gmail.com
>>> Cc: cisco-voip at puck-nether.net
>>> Betreff: Re: [cisco-voip] CUCM AD integration
>>> 
>>> I don't think this is possible Charl. Extension Mobility uses the 
>>> userID and PIN for login, I don't know of a way to change that.
>>> 
>>> On Thu, Apr 29, 2010 at 6:03 AM, Charl Crofton <charl.ccrofton at gmail.com> wrote:
>>>> HI,
>>>> 
>>>> Let me try and explain this correctly:
>>>> 
>>>> CUCM integrated with AD & using Extension Mobility
>>>> 
>>>> So userid will be something like: jsoap (must be username to keep it 
>>>> uniform across the enterprise) My Device Profile will be something 
>>>> like: 12345 (user jsoap's extension number) Device Profile is 
>>>> associated with user jsoap.
>>>> 
>>>> I want users to log into the phones with their extension number
>>>> (12345) instead of having to use their username (jsoap)
>>>> 
>>>> Is this possible and if so, how?
>>>> 
>>>> thnx
>>>> charl
>>>> _______________________________________________
>>>> cisco-voip mailing list
>>>> cisco-voip at puck.nether.net
>>>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>>> 
>>> 
>>> 
>>> 
>>> --
>>> Ed Leatherman
>>> _______________________________________________
>>> cisco-voip mailing list
>>> cisco-voip at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>> 
>> 
>> 
>> 
>> --
>> Ed Leatherman
>> 
>> _______________________________________________
>> cisco-voip mailing list
>> cisco-voip at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-voip
> 
> 
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip


_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip

More information about the cisco-voip mailing list