[cisco-voip] CUCM 8.5 AD integration question or two

Beck, Christopher CBeck at usg.com
Thu Feb 23 10:37:17 EST 2012


It should be noted that there is no solution that will allow for non-unique usernames.  So, if you haven't resolved to get to username uniqueness in your environment, you probably need to do so.



-Chris

From: Roger Wiklund [mailto:roger.wiklund at gmail.com]
Sent: Thursday, February 23, 2012 9:28 AM
To: Beck, Christopher
Cc: cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] CUCM 8.5 AD integration question or two

On Thu, Feb 23, 2012 at 4:19 PM, Beck, Christopher <CBeck at usg.com> wrote:
Having researched this, the root of that question comes down to the tree structure. While CUCM can have multiple sources for user synchronization (whether it is one LDAP source or multiple LDAP sources), it can currently authenticate against only one.  Thus, you need a single source for authentication that will handle all users.

Also, to Lelio's second point, whatever you choose to replicate as the user id (samUsername, UPN, etc.) has to be unique among all directories.

If you don't have a single namespace in the AD environment (and at least have everyone in a single forest), you should probably look at some sort of virtual LDAP directory that can consolidate everything.



-Chris


That's my understanding also. This is currently a problem for us as a customer is splitting the company in two with totally separated ADs, but they still want LDAP sync/auth in the common UCM.

Apparently this can be solved, but as you said, UCM still has a single source for auth, and the connection between the two separate forests must be done by the customer's ADs configuring AD LDS/ADAM and what not.

https://supportforums.cisco.com/docs/DOC-16356#Active_Directory_Multiple_Forest_Support_Scenario_in_Unified_CM
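
The uniqueness requirement discussed in this thread can be checked before the directories are consolidated. The following is an added example, not part of the original messages and not Cisco or Microsoft code: it scans LDIF exports from two forests for user IDs that would collide under a chosen attribute. The sample entries, the `corp-a.example`/`corp-b.example` domains and the function names are constructed for illustration, and IDs are compared case-insensitively as a conservative assumption.

```python
from collections import defaultdict

# Constructed sample LDIF exports from two separate forests (not real data).
FOREST_A = """\
dn: CN=John Smith,OU=Users,DC=corp-a,DC=example
sAMAccountName: jsmith
userPrincipalName: jsmith@corp-a.example

dn: CN=Ann Lee,OU=Users,DC=corp-a,DC=example
sAMAccountName: alee
userPrincipalName: alee@corp-a.example
"""
FOREST_B = """\
dn: CN=Jane Smith,OU=Staff,DC=corp-b,DC=example
sAMAccountName: JSmith
userPrincipalName: jsmith@corp-b.example

dn: CN=Bob Ray,OU=Staff,DC=corp-b,DC=example
sAMAccountName: bray
userPrincipalName: bray@corp-b.example
"""
SOURCES = {"forest-a": FOREST_A, "forest-b": FOREST_B}

def parse_ldif(text):
    """Parse simple LDIF (no line folding, no base64 values) into dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if ": " in line and not line.startswith("#"):
                key, value = line.split(": ", 1)
                entry[key.lower()] = value.strip()
        if "dn" in entry:
            entries.append(entry)
    return entries

def find_collisions(sources, attribute):
    """Return {user_id: [source and DN, ...]} for IDs held by more than one entry."""
    seen = defaultdict(list)
    for name, text in sources.items():
        for entry in parse_ldif(text):
            value = entry.get(attribute.lower())
            if value:
                # Assumption: treat IDs as case-insensitive (the stricter check).
                seen[value.lower()].append(f"{name}: {entry['dn']}")
    return {uid: dns for uid, dns in seen.items() if len(dns) > 1}

if __name__ == "__main__":
    for attr in ("sAMAccountName", "userPrincipalName"):
        print(attr, find_collisions(SOURCES, attr))
```

On this constructed data the short logon name collides across the two forests while the UPN does not, which is the kind of difference to surface before choosing the attribute to use as the user ID.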



