[cisco-voip] UCM 8x. LDAP Filters with group members

Wes Sisk wsisk at cisco.com
Sat Jan 29 09:18:03 EST 2011 

The supported method is Microsoft ADAM:

http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_configuration_example09186a0080b2b103.shtml

Regards,
Wes

On 1/29/2011 1:10 AM, Dennis Heim wrote:
>
> You need some sort of LDAP proxy of sorts, that companies multiple 
> LDAP directories together and presents that unified directory as a 
> single directory to CallManager. I know that ANDtek make a 
> metadirectory application that does exactly this.
>
> Dennis Heim
> Network Voice Engineer
> CDW  Advanced Technology Services
> 11711 N. Meridian Street, Suite 225
> Carmel, IN  46032
>
> 317.569.4255 Single Number Reach
> 317.569.4201 Fax
>
> dennis.heim at cdw.com <mailto:dennis.heim at cdw.com>
> cdw.com/content/solutions/unified-communications/ 
> <http://www.cdw.com/content/solutions/unified-communications/>
>
> *From:*cisco-voip-bounces at puck.nether.net 
> [mailto:cisco-voip-bounces at puck.nether.net] *On Behalf Of *Mike Lydick
> *Sent:* Saturday, January 29, 2011 12:45 AM
> *To:* Paul
> *Cc:* cisco-voip at puck.nether.net
> *Subject:* Re: [cisco-voip] UCM 8x. LDAP Filters with group members
>
> TAC is saying that filtering on Group membership in multiple Domains 
> is not possible. There is also a referance in the UCM 8x SRND that 
> states that indicates its not supported. So the real problem how you 
> import CM users with Active Directory forest that contain more than 5 
> domains? This seems to be a serious limitation for enterprise 
> environments.
>
> From the SRND:
>
> A synchronization agreement for a domain will not synchronize users 
> outside of that domain nor within a child domain because Unified CM 
> does not follow AD referrals during the synchronization process. The 
> example in Figure 16-9 requires three synchronization agreements to 
> import all of the users. Although Search Base 1 specifies the root of 
> the tree, it will not import users that exist in either of the child 
> domains. Its scope is only VSE.LAB, and separate agreements are 
> configured for the other two domains to import those users.
>
> Best Regards,
>
> Mike Lydick
>
>
>
> On Tue, Jan 18, 2011 at 10:27 AM, Paul <asobihoudai at yahoo.com 
> <mailto:asobihoudai at yahoo.com>> wrote:
>
> according to this URL
> http://www.petri.co.il/ldap_search_samples_for_windows_2003_and_exchange.htm
>
> It certainly appears you can filter out users according to group 
> membership in
> an LDAP filter.
>
>
>
>
> ________________________________
> From:Mike Lydick <mike.lydick at gmail.com <mailto:mike.lydick at gmail.com>>
> To:cisco-voip at puck.nether.net <mailto:To%3Acisco-voip at puck.nether.net>
> Sent: Mon, January 17, 2011 7:46:51 PM
> Subject: [cisco-voip] UCM 8x. LDAP Filters with group members
>
>
>
> Is it possible to use group membership as element in a LDAP filter?
>
> We are working with an AD LDAP forest that has 6 domains. We need to 
> selectively
>
> import user from LDAP as we migrate to the cluster.
>
> The thought is to set the root path to the top level Domain OU, the 
> use the ldap
>
> to filter on iphone=* and member of group. We will add members to this 
> group
> with a script as we migrate.
>
> mike
>
>
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20110129/74588cc7/attachment.html>

More information about the cisco-voip mailing list