[cisco-voip] UCM 8x. LDAP Filters with group members
Mike Lydick
mike.lydick at gmail.com
Sat Jan 29 10:03:43 EST 2011
Thanks Wes
So all the domain we are working with are in the same forest. Does will ADAM
provide the referral process to each domain. I believe from what I have read
it will but wanted to confirm that this is still recommended for a single
forest environment.
Best Regards,
Mike Lydick
On Sat, Jan 29, 2011 at 9:18 AM, Wes Sisk <wsisk at cisco.com> wrote:
> The supported method is Microsoft ADAM:
>
>
> http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_configuration_example09186a0080b2b103.shtml
>
> Regards,
> Wes
>
>
> On 1/29/2011 1:10 AM, Dennis Heim wrote:
>
> You need some sort of LDAP proxy of sorts, that companies multiple LDAP
> directories together and presents that unified directory as a single
> directory to CallManager. I know that ANDtek make a metadirectory
> application that does exactly this.
>
>
>
> Dennis Heim
> Network Voice Engineer
> CDW Advanced Technology Services
> 11711 N. Meridian Street, Suite 225
> Carmel, IN 46032
>
> 317.569.4255 Single Number Reach
> 317.569.4201 Fax
>
> dennis.heim at cdw.com
> cdw.com/content/solutions/unified-communications/<http://www.cdw.com/content/solutions/unified-communications/>
>
>
>
> *From:* cisco-voip-bounces at puck.nether.net [
> mailto:cisco-voip-bounces at puck.nether.net<cisco-voip-bounces at puck.nether.net>]
> *On Behalf Of *Mike Lydick
> *Sent:* Saturday, January 29, 2011 12:45 AM
> *To:* Paul
> *Cc:* cisco-voip at puck.nether.net
> *Subject:* Re: [cisco-voip] UCM 8x. LDAP Filters with group members
>
>
>
> TAC is saying that filtering on Group membership in multiple Domains is not
> possible. There is also a referance in the UCM 8x SRND that states that
> indicates its not supported. So the real problem how you import CM users
> with Active Directory forest that contain more than 5 domains? This seems to
> be a serious limitation for enterprise environments.
>
>
>
> From the SRND:
>
>
>
> A synchronization agreement for a domain will not synchronize users outside
> of that domain nor within a child domain because Unified CM does not follow
> AD referrals during the synchronization process. The example in Figure 16-9
> requires three synchronization agreements to import all of the users.
> Although Search Base 1 specifies the root of the tree, it will not import
> users that exist in either of the child domains. Its scope is only VSE.LAB,
> and separate agreements are configured for the other two domains to import
> those users.
>
>
>
>
>
> Best Regards,
>
> Mike Lydick
>
>
>
> On Tue, Jan 18, 2011 at 10:27 AM, Paul <asobihoudai at yahoo.com> wrote:
>
> according to this URL
>
> http://www.petri.co.il/ldap_search_samples_for_windows_2003_and_exchange.htm
>
> It certainly appears you can filter out users according to group membership
> in
> an LDAP filter.
>
>
>
>
> ________________________________
> From:Mike Lydick <mike.lydick at gmail.com>
> To:cisco-voip at puck.nether.net <To%3Acisco-voip at puck.nether.net>
> Sent: Mon, January 17, 2011 7:46:51 PM
> Subject: [cisco-voip] UCM 8x. LDAP Filters with group members
>
>
>
> Is it possible to use group membership as element in a LDAP filter?
>
> We are working with an AD LDAP forest that has 6 domains. We need to
> selectively
>
> import user from LDAP as we migrate to the cluster.
>
> The thought is to set the root path to the top level Domain OU, the use the
> ldap
>
> to filter on iphone=* and member of group. We will add members to this
> group
> with a script as we migrate.
>
> mike
>
>
>
>
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20110129/6b5d409b/attachment.html>
More information about the cisco-voip
mailing list