[cisco-voip] CUCM 10.5 and MS AD LDS

Mike Lydick mike.lydick at gmail.com
Fri Jul 24 14:29:23 EDT 2015


We are trying to integrate CUCM 10.5 with AD LDS on Windows 2012 Member
Server. The source AD is Windows 2008. We are able to get the user
accounts to sync with ADAM sync to the LDS server but the CUCM does not
import the accounts. We have tried using the Attribute for User ID (CUCM
LDAP configuration) as UPN or Mail ID with no success.

The CUCM DirSync traces show errors indicating missing element:

2015-07-22 18:14:11,363 ERROR [DirSync-DBInterface] common.DSDBInterface
(DSDBInterface.java:530) - DSDBInterface.updateUserInfo LDAP data
discarded: Missing LDAP attribute: Attribute Count=2
AgreementId=aafebf6f-8f39-5590-4959-b2eb5df5f146

There seems to be only one account in the logs that it's querying. We have over
300 so I do not think CUCM is getting a response that the expected accounts
were queried.

To get the LDS to sync the accounts we had to add the following user
attributes to the LDS schema:

- ms-DS-UserAccountAutoLocked
- msDS-UserAccountDisabled
- msDS-UserDontExpirePassword
- ms-DS-UserEncryptedTextPassword
- msDS-UserPasswordExpired
- ms-DS-UserPasswordNotRequired

We added a test Local LDS account and this did import. We exported the user
attributes from one AD --> LDS sync'd account and the LDS local account.
The only relevant difference was the msDS-UserAccountDisabled shows unset
for the AD --> LDS sync'd account. The local account we set this to
False to enable the account.

Would like to know if there is anyone that has this working and can provide
some feedback on how you got it working.

Thanks!

Mike
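
Added example, not part of the original post: a Python sketch of the attribute comparison described above, which parses an LDIF export of the LDS user entries, lists which checked attributes are unset on each entry, and diffs two entries. The sample LDIF, the DNs and the CHECK list are constructed assumptions; the post does not establish which attribute CUCM reports as missing.

```python
import base64

# Constructed sample in LDIF form; DNs and values are placeholders, not from the post.
SAMPLE_LDIF = """\
dn: CN=synced.user,CN=Users,DC=example,DC=local
objectClass: user
userPrincipalName: synced.user@exam
 ple.local
mail: synced.user@example.local

dn: CN=local.test,CN=Users,DC=example,DC=local
objectClass: user
userPrincipalName: local.test@example.local
mail: local.test@example.local
description:: VGVzdCBhY2NvdW50
msDS-UserAccountDisabled: FALSE
"""
# Attributes mentioned in the post; which ones CUCM needs is an assumption to verify.
CHECK = ["userPrincipalName", "mail", "msDS-UserAccountDisabled"]

def parse_ldif(text):
    """Return {dn: {attr_lowercase: [values]}}; handles folded and base64 lines."""
    entries, lines = {}, []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines and lines[-1]:
            lines[-1] += raw[1:]                 # RFC 2849 folded continuation line
        elif not raw.startswith("#"):
            lines.append(raw)
    current = None
    for line in lines:
        if not line.strip():                     # blank line ends the current entry
            current = None
            continue
        name, _, value = line.partition(":")
        b64 = value.startswith(":")              # "attr:: <base64>" form
        value = base64.b64decode(value[1:]).decode("utf-8", "replace") if b64 else value.strip()
        if name.lower() == "dn":
            current = entries.setdefault(value, {})
        elif current is not None:
            current.setdefault(name.lower(), []).append(value)
    return entries

def missing_attrs(entries, required):
    """Map each DN to the required attributes that are unset on that entry."""
    return {dn: [a for a in required if a.lower() not in attrs] for dn, attrs in entries.items()}

def diff_entries(a, b):
    """Attributes whose values differ between two entries; unset shows as None."""
    return {k: (a.get(k), b.get(k)) for k in sorted(set(a) | set(b)) if a.get(k) != b.get(k)}
```

Running missing_attrs over an export of all synced users shows at a glance whether every AD-sourced entry lacks the same attribute that the working local account has set.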