[cisco-voip] UCM 8x. LDAP Filters with group members

Mike Lydick mike.lydick at gmail.com
Sat Jan 29 00:44:35 EST 2011 

TAC is saying that filtering on Group membership in multiple Domains is not
possible. There is also a referance in the UCM 8x SRND that states that
indicates its not supported. So the real problem how you import CM users
with Active Directory forest that contain more than 5 domains? This seems to
be a serious limitation for enterprise environments.

>From the SRND:



A synchronization agreement for a domain will not synchronize users outside
of that domain nor within a child domain because Unified CM does not follow
AD referrals during the synchronization process. The example in Figure 16-9
requires three synchronization agreements to import all of the users.
Although Search Base 1 specifies the root of the tree, it will not import
users that exist in either of the child domains. Its scope is only VSE.LAB,
and separate agreements are configured for the other two domains to import
those users.




Best Regards,

Mike Lydick




On Tue, Jan 18, 2011 at 10:27 AM, Paul <asobihoudai at yahoo.com> wrote:

> according to this URL
>
> http://www.petri.co.il/ldap_search_samples_for_windows_2003_and_exchange.htm
>
> It certainly appears you can filter out users according to group membership
> in
> an LDAP filter.
>
>
>
>
> ________________________________
> From:Mike Lydick <mike.lydick at gmail.com>
> To:cisco-voip at puck.nether.net <To%3Acisco-voip at puck.nether.net>
> Sent: Mon, January 17, 2011 7:46:51 PM
> Subject: [cisco-voip] UCM 8x. LDAP Filters with group members
>
>
> Is it possible to use group membership as element in a LDAP filter?
>
> We are working with an AD LDAP forest that has 6 domains. We need to
> selectively
>
> import user from LDAP as we migrate to the cluster.
>
> The thought is to set the root path to the top level Domain OU, the use the
> ldap
>
> to filter on iphone=* and member of group. We will add members to this
> group
> with a script as we migrate.
>
> mike
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20110129/ba6b426d/attachment.html>

More information about the cisco-voip mailing list