[cisco-voip] LDAP, Sync, Filters and CUCM
Anthony Holloway
avholloway+cisco-voip at gmail.com
Tue May 3 15:04:34 EDT 2016
This is related to my post I just made on UCCX and LDAP via CUCM.
I also just found out that a CUCM with an already synced user database
behaves in the following two ways:
1. If you modify the filter such that it matches 0 records, the sync
doesn't happen at all. No users are marked as Inactive, no users are
pulled in, and no users are updated
You will see this in the DirSync log
Dirsync synched zero users. Please verify the custom LDAP filter
configured for this agreement
2. However, if you modify the filter such that it matches a single
record, the sync does happen. All of the non-matched users will become
Inactive.
You will see this in the DirSync log (the value 1660 will vary by
scenario)
DSDBInterface.setUserInactive Found 1660 users in database needing update
For #1, it seems like this might be a protection mechanism, preventing you
from destroying your entire corporate directory. Because, recall that EM,
Jabber, Finesse, etc., all require your account to be Active Synced in
order to authenticate you; therefore, making 1660 people go Inactive will
have a large impact. Or perhaps it was a coding error, and they should
have made all users go Inactive?
For #2, if we're thinking #1 could be a protective mode, then wouldn't 100%
user loss be just as bad as 99%? Perhaps the protection mechanism should
look for a smaller percentage drop in Active users and prohibit an LDAP
update at that time and display a warning on the page (I.e., Like the last
known good backup now shows up on the About page).
What do you think? Have you seen this before? Has it bit you? Am I
missing something obvious? Let me know. Thanks.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20160503/56ec0a22/attachment.html>
More information about the cisco-voip
mailing list