[cisco-voip] UCM 8x. LDAP Filters with group members

Wes Sisk wsisk at cisco.com
Sat Jan 29 12:28:03 EST 2011 

Mike,

Honestly my AD is a bit fuzzy.  If the article doesn't answer the 
question then let me know the case number and I will get it re-opened so 
we can get the right answer.

Regards,
Wes

On 1/29/2011 10:03 AM, Mike Lydick wrote:
> Thanks Wes
>
> So all the domain we are working with are in the same forest. Does 
> will ADAM provide the referral process to each domain. I believe from 
> what I have read it will but wanted to confirm that this is still 
> recommended for a single forest environment.
>
>
> Best Regards,
>
> Mike Lydick
>
>
>
>
> On Sat, Jan 29, 2011 at 9:18 AM, Wes Sisk <wsisk at cisco.com 
> <mailto:wsisk at cisco.com>> wrote:
>
>     The supported method is Microsoft ADAM:
>
>     http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_configuration_example09186a0080b2b103.shtml
>
>     Regards,
>     Wes
>
>
>     On 1/29/2011 1:10 AM, Dennis Heim wrote:
>>
>>     You need some sort of LDAP proxy of sorts, that companies
>>     multiple LDAP directories together and presents that unified
>>     directory as a single directory to CallManager. I know that
>>     ANDtek make a metadirectory application that does exactly this.
>>
>>     Dennis Heim
>>     Network Voice Engineer
>>     CDW  Advanced Technology Services
>>     11711 N. Meridian Street, Suite 225
>>     Carmel, IN  46032
>>
>>     317.569.4255 Single Number Reach
>>     317.569.4201 Fax
>>
>>     dennis.heim at cdw.com <mailto:dennis.heim at cdw.com>
>>     cdw.com/content/solutions/unified-communications/
>>     <http://www.cdw.com/content/solutions/unified-communications/>
>>
>>     *From:*cisco-voip-bounces at puck.nether.net
>>     <mailto:cisco-voip-bounces at puck.nether.net>
>>     [mailto:cisco-voip-bounces at puck.nether.net] *On Behalf Of *Mike
>>     Lydick
>>     *Sent:* Saturday, January 29, 2011 12:45 AM
>>     *To:* Paul
>>     *Cc:* cisco-voip at puck.nether.net <mailto:cisco-voip at puck.nether.net>
>>     *Subject:* Re: [cisco-voip] UCM 8x. LDAP Filters with group members
>>
>>     TAC is saying that filtering on Group membership in multiple
>>     Domains is not possible. There is also a referance in the UCM 8x
>>     SRND that states that indicates its not supported. So the real
>>     problem how you import CM users with Active Directory forest that
>>     contain more than 5 domains? This seems to be a serious
>>     limitation for enterprise environments.
>>
>>     From the SRND:
>>
>>     A synchronization agreement for a domain will not synchronize
>>     users outside of that domain nor within a child domain because
>>     Unified CM does not follow AD referrals during the
>>     synchronization process. The example in Figure 16-9 requires
>>     three synchronization agreements to import all of the users.
>>     Although Search Base 1 specifies the root of the tree, it will
>>     not import users that exist in either of the child domains. Its
>>     scope is only VSE.LAB, and separate agreements are configured for
>>     the other two domains to import those users.
>>
>>     Best Regards,
>>
>>     Mike Lydick
>>
>>
>>
>>     On Tue, Jan 18, 2011 at 10:27 AM, Paul <asobihoudai at yahoo.com
>>     <mailto:asobihoudai at yahoo.com>> wrote:
>>
>>     according to this URL
>>     http://www.petri.co.il/ldap_search_samples_for_windows_2003_and_exchange.htm
>>
>>     It certainly appears you can filter out users according to group
>>     membership in
>>     an LDAP filter.
>>
>>
>>
>>
>>     ________________________________
>>     From:Mike Lydick <mike.lydick at gmail.com
>>     <mailto:mike.lydick at gmail.com>>
>>     To:cisco-voip at puck.nether.net
>>     <mailto:To%3Acisco-voip at puck.nether.net>
>>     Sent: Mon, January 17, 2011 7:46:51 PM
>>     Subject: [cisco-voip] UCM 8x. LDAP Filters with group members
>>
>>
>>
>>     Is it possible to use group membership as element in a LDAP filter?
>>
>>     We are working with an AD LDAP forest that has 6 domains. We need
>>     to selectively
>>
>>     import user from LDAP as we migrate to the cluster.
>>
>>     The thought is to set the root path to the top level Domain OU,
>>     the use the ldap
>>
>>     to filter on iphone=* and member of group. We will add members to
>>     this group
>>     with a script as we migrate.
>>
>>     mike
>>
>>
>>
>>     _______________________________________________
>>     cisco-voip mailing list
>>     cisco-voip at puck.nether.net <mailto:cisco-voip at puck.nether.net>
>>     https://puck.nether.net/mailman/listinfo/cisco-voip
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20110129/3e7b043f/attachment.html>

More information about the cisco-voip mailing list