[cisco-voip] UCM 8x. LDAP Filters with group members

Mike Lydick mike.lydick at gmail.com
Sun Jan 30 13:06:56 EST 2011


The article indicates that the ADAM server will function as a proxy, which I
believe should resolve the issue, but the technote is based on a
multi-forest deployment. I am not sure if there are any caveats to be aware
of related to a single forest deployment before we recommend a new service
for the AD team to support. TAC came back with the same response.

SR 616689529


thanks again,

Best Regards,

Mike Lydick




On Sat, Jan 29, 2011 at 12:28 PM, Wes Sisk <wsisk at cisco.com> wrote:

>  Mike,
>
> Honestly my AD is a bit fuzzy.  If the article doesn't answer the question
> then let me know the case number and I will get it re-opened so we can get
> the right answer.
>
> Regards,
> Wes
>
>
> On 1/29/2011 10:03 AM, Mike Lydick wrote:
>
> Thanks Wes
>
>  So all the domains we are working with are in the same forest. Will
> ADAM provide the referral process to each domain? I believe from what I have
> read it will but wanted to confirm that this is still recommended for a
> single forest environment.
>
>
> Best Regards,
>
> Mike Lydick
>
>
>
>
> On Sat, Jan 29, 2011 at 9:18 AM, Wes Sisk <wsisk at cisco.com> wrote:
>
>>  The supported method is Microsoft ADAM:
>>
>>
>> http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_configuration_example09186a0080b2b103.shtml
>>
>> Regards,
>> Wes
>>
>>
>> On 1/29/2011 1:10 AM, Dennis Heim wrote:
>>
>>   You need some sort of LDAP proxy of sorts, that combines multiple LDAP
>> directories together and presents that unified directory as a single
>> directory to CallManager. I know that ANDtek makes a metadirectory
>> application that does exactly this.
>>
>>
>>
>> Dennis Heim
>> Network Voice Engineer
>> CDW  Advanced Technology Services
>> 11711 N. Meridian Street, Suite 225
>> Carmel, IN  46032
>>
>> 317.569.4255 Single Number Reach
>> 317.569.4201 Fax
>>
>> dennis.heim at cdw.com
>> http://www.cdw.com/content/solutions/unified-communications/
>>
>>
>>
>> *From:* cisco-voip-bounces at puck.nether.net
>> *On Behalf Of *Mike Lydick
>> *Sent:* Saturday, January 29, 2011 12:45 AM
>> *To:* Paul
>> *Cc:* cisco-voip at puck.nether.net
>> *Subject:* Re: [cisco-voip] UCM 8x. LDAP Filters with group members
>>
>>
>>
>> TAC is saying that filtering on Group membership in multiple Domains is
>> not possible. There is also a reference in the UCM 8x SRND that
>> indicates it's not supported. So the real problem is how do you import CM users
>> with an Active Directory forest that contains more than 5 domains? This seems to
>> be a serious limitation for enterprise environments.
>>
>>
>>
>> From the SRND:
>>
>>
>>
>> A synchronization agreement for a domain will not synchronize users
>> outside of that domain nor within a child domain because Unified CM does not
>> follow AD referrals during the synchronization process. The example in
>> Figure 16-9 requires three synchronization agreements to import all of the
>> users. Although Search Base 1 specifies the root of the tree, it will not
>> import users that exist in either of the child domains. Its scope is only
>> VSE.LAB, and separate agreements are configured for the other two domains to
>> import those users.
>>
>>
>>
>>
>>
>> Best Regards,
>>
>> Mike Lydick
>>
>>
>>
>>  On Tue, Jan 18, 2011 at 10:27 AM, Paul <asobihoudai at yahoo.com> wrote:
>>
>> according to this URL
>>
>> http://www.petri.co.il/ldap_search_samples_for_windows_2003_and_exchange.htm
>>
>> It certainly appears you can filter out users according to group
>> membership in
>> an LDAP filter.
>>
>>
>>
>>
>> ________________________________
>> From: Mike Lydick <mike.lydick at gmail.com>
>> To: cisco-voip at puck.nether.net
>> Sent: Mon, January 17, 2011 7:46:51 PM
>> Subject: [cisco-voip] UCM 8x. LDAP Filters with group members
>>
>>
>>
>> Is it possible to use group membership as an element in an LDAP filter?
>>
>> We are working with an AD LDAP forest that has 6 domains. We need to
>> selectively import users from LDAP as we migrate to the cluster.
>>
>> The thought is to set the root path to the top level Domain OU, then use
>> the LDAP to filter on iphone=* and member of group. We will add members to
>> this group with a script as we migrate.
>>
>> mike
>>
>>
>>
>>
>>
>>
>
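
One way to lay out what the SRND passage quoted in this thread requires, one synchronization agreement per domain, each with its own search base and a group-membership filter (an added example, not code from the thread or from Cisco). It assumes the phone attribute is `ipPhone`, that a migration group with the same relative DN exists in every domain, and that the child domain names are constructed; the thread does not confirm that Unified CM accepts this filter.

```python
"""Added example: build one search base and LDAP filter per AD domain."""

# RFC 4515 section 3: characters that must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a string so it is safe as an assertion value in an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def domain_to_base_dn(dns_name: str) -> str:
    """Turn a DNS domain name such as 'VSE.LAB' into 'DC=VSE,DC=LAB'."""
    labels = [label for label in dns_name.split(".") if label]
    if not labels:
        raise ValueError("empty domain name")
    return ",".join(f"DC={label}" for label in labels)


def sync_agreement(dns_name: str, group_rdn: str, phone_attr: str = "ipPhone") -> dict:
    """Return the search base and filter for one domain's agreement.

    memberOf holds distinguished names, so the filter needs the group's
    full DN; a wildcard such as (memberOf=CN=Phones*) does not match in AD.
    group_rdn is the group's DN relative to the domain root (assumption:
    already DN-escaped where needed).
    """
    base = domain_to_base_dn(dns_name)
    group_dn = escape_filter_value(f"{group_rdn},{base}")
    ldap_filter = f"(&(objectClass=user)({phone_attr}=*)(memberOf={group_dn}))"
    return {"domain": dns_name, "search_base": base, "filter": ldap_filter}


# Constructed sample: VSE.LAB is the root named in the SRND quote; the child
# domain names and the group are hypothetical.
DOMAINS = ["VSE.LAB", "emea.vse.lab", "amer.vse.lab"]
GROUP_RDN = "CN=UCM Migrated (Wave 1),OU=Groups"


def build_all() -> list:
    """One agreement per domain, since referrals are not followed during sync."""
    return [sync_agreement(domain, GROUP_RDN) for domain in DOMAINS]


if __name__ == "__main__":
    for agreement in build_all():
        print(agreement["search_base"], agreement["filter"], sep="\n  ")
```
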