[cisco-voip] CUCM AD integration
Ahmed Elnagar
ahmed_elnagar at rayacorp.com
Tue May 25 05:12:17 EDT 2010
Currently I have similar setup...but a friend of mine told me that he faced a lot of problems with CUMA when he integrate with AD using Telephone number "for easy use of EM of course"...he told me that I should use sAMAccount for the integration in order not to face any problems with CUMA.
Anyone has a document or experiences about the above?
Best Regards;
Ahmed Elnagar
Senior Network PS Engineer
Mob: +2019-0016211
CCIE#24697 (Voice)
-----Original Message-----
From: cisco-voip-bounces at puck.nether.net [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Madziarczyk, Jonathan
Sent: Thursday, April 29, 2010 6:27 PM
To: charl.crofton at gmail.com; cisco-voip at puck-nether.net
Subject: Re: [cisco-voip] CUCM AD integration
Hey Carl,
Yes, we are using something similar in our implementation. We have secondary users in AD that are simply the extension number AD user = "1234" (be sure to make the extension the last name and not the first or you'll get issues)
Then we just associate both the normal AD user (jsmith) and the extension AD user (1234) to the phone/profile. This way the user can log into the phone with their extension number (and the pin for that extension number) and log into the self-service website using their normal network credentials. The only drawback is that the pins between jsmith and 1234 are different because they are separate accounts (though you could sync them on a case by case basis).
Again, nothing that hasn't been already stated, but just wanted to give you an example of someone who is using it currently the way you're describing.
Jon
-----Original Message-----
From: cisco-voip-bounces at puck.nether.net [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Ryan Ratliff
Sent: Thursday, April 29, 2010 9:01 AM
To: Dennis Heim
Cc: charl.crofton at gmail.com; cisco-voip at puck-nether.net
Subject: Re: [cisco-voip] CUCM AD integration
That would certainly work without impacting all users.
-Ryan
On Apr 29, 2010, at 9:45 AM, Dennis Heim wrote:
> How about adding a 2nd account for all users that samaccountname = extension.
>
> Dennis Heim
> Network Voice Engineer
> CDW Advanced Technology Services
> 11711 N. Meridian Street, Suite 225
> Carmel, IN 46032
>
> 317.569.4255 Office
> 317.569.4201 Fax
> 317.694.6070 Cell
> dennis.heim at cdw.com
> www.berbee.com
>
>
> -----Original Message-----
> From: cisco-voip-bounces at puck.nether.net [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Ryan Ratliff
> Sent: Thursday, April 29, 2010 9:43 AM
> To: Ed Leatherman
> Cc: charl.crofton at gmail.com; cisco-voip at puck-nether.net
> Subject: Re: [cisco-voip] CUCM AD integration
>
> Correct, it's an all or nothing thing.
>
> What version of CUCM are you running? If you were on 8 you could set up a second cluster (even just one node) and set it's ldap sync to pull in userids with a numeric attribute. Then when your EM users login with the alphanumeric userid it will check the other cluster, authenticate them, and then log them in.
>
> -Ryan
>
> On Apr 29, 2010, at 9:31 AM, Ed Leatherman wrote:
>
>> This would force his users to log in with extension number everywhere
>> though, not just on EM right?
>>
>> On Thu, Apr 29, 2010 at 8:17 AM, Erich Novak <Erich.Novak at nts.at> wrote:
>>> Hi,
>>>
>>> it is possible, but not via GUI, you can change it in the Database.
>>>
>>> You need an Active Directory field with the DN of the User (ie. IPPhone) and take care that it is unique in AD.
>>>
>>> Next you log on to the CUCM CLI via ssh, ->
>>>
>>> admin:run sql select * from ldapsystemconfig
>>> pkid useridattributename tkldapserver syncenabled
>>> ==================================== =================== ============ ===========
>>> a1cdb5e3-aaf4-4db0-bfa9-b7c872622365 sAMAccountName 1 t
>>>
>>>
>>> you can update the useridattributename to anything you want via run sql update...
>>>
>>> but take care, this also has impact on CUPS etc.
>>>
>>> brgds
>>> Erich
>>>
>>> -----Ursprüngliche Nachricht-----
>>> Von: cisco-voip-bounces at puck.nether.net
>>> [mailto:cisco-voip-bounces at puck.nether.net] Im Auftrag von Ed
>>> Leatherman
>>> Gesendet: Donnerstag, 29. April 2010 14:01
>>> An: charl.crofton at gmail.com
>>> Cc: cisco-voip at puck-nether.net
>>> Betreff: Re: [cisco-voip] CUCM AD integration
>>>
>>> I don't think this is possible Charl. Extension Mobility uses the
>>> userID and PIN for login, I don't know of a way to change that.
>>>
>>> On Thu, Apr 29, 2010 at 6:03 AM, Charl Crofton <charl.ccrofton at gmail.com> wrote:
>>>> HI,
>>>>
>>>> Let me try and explain this correctly:
>>>>
>>>> CUCM integrated with AD & using Extension Mobility
>>>>
>>>> So userid will be something like: jsoap (must be username to keep it
>>>> uniform across the enterprise) My Device Profile will be something
>>>> like: 12345 (user jsoap's extension number) Device Profile is
>>>> associated with user jsoap.
>>>>
>>>> I want users to log into the phones with their extension number
>>>> (12345) instead of having to use their username (jsoap)
>>>>
>>>> Is this possible and if so, how?
>>>>
>>>> thnx
>>>> charl
>>>> _______________________________________________
>>>> cisco-voip mailing list
>>>> cisco-voip at puck.nether.net
>>>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>>>
>>>
>>>
>>>
>>> --
>>> Ed Leatherman
>>> _______________________________________________
>>> cisco-voip mailing list
>>> cisco-voip at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>>
>>
>>
>>
>> --
>> Ed Leatherman
>>
>> _______________________________________________
>> cisco-voip mailing list
>> cisco-voip at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-voip
>
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
Disclaimer: NOTICE The information contained in this message is confidential and is intended for the addressee(s) only. If you have received this message in error or there are any problems please notify the originator immediately. The unauthorized use, disclosure, copying or alteration of this message is strictly forbidden. Raya will not be liable for direct, special, indirect or consequential damages arising from alteration of the contents of this message by a third party or as a result of any malicious code or virus being passed on. Views expressed in this communication are not necessarily those of Raya.If you have received this message in error, please notify the sender immediately by email, facsimile or telephone and return and/or destroy the original message.
More information about the cisco-voip
mailing list