[cisco-voip] CUCM LDAP integration question

Ryan Huff ryanhuff at outlook.com
Tue Apr 18 07:45:35 EDT 2017


No, Directory Sync will not import active directory passwords into the communications manager Informix schema.

That is the point of active directory authentication, it's simply issuing a bind request to the directory server which yields a positive or negative return value.

Sent from my iPhone

On Apr 18, 2017, at 7:38 AM, Ahmed Abd EL-Rahman <Ahmed.Rahman at bmbgroup.com<mailto:Ahmed.Rahman at bmbgroup.com>> wrote:

Hi Ryan,

The two different domains are under the one forest.

But let me ask something else, If I used only the LDAP integration without LDAP authentication, so call manager will fetch users accounts from the LDAP but in this case the authentication will occur against CUCM users (which actually were fetched from the LDAP), my question in this case when the accounts are being fetched from LDAP they will be fetched with their current domain passwords, right?





Best Regards

Ahmed Abd EL-Rahman
Senior Network Engineer

From: Ryan Huff [mailto:ryanhuff at outlook.com]
Sent: Tuesday, April 18, 2017 1:32 PM
To: Ahmed Abd EL-Rahman <Ahmed.Rahman at bmbgroup.com<mailto:Ahmed.Rahman at bmbgroup.com>>
Cc: cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
Subject: Re: [cisco-voip] CUCM LDAP integration question

Hi Ahmed,

You're on the right track, you can sync multiple forests/directories but you can only bind against one schema.

Might be time to look outside of AD for authentication (SSO).

Thanks,

Ryan



Sent from my iPhone
On Apr 18, 2017, at 5:50 AM, Ahmed Abd EL-Rahman <Ahmed.Rahman at bmbgroup.com<mailto:Ahmed.Rahman at bmbgroup.com>> wrote:
Hi Gents,

I have CUCM 11.5 and end users belong to 2 different domains with 2 different LDAP systems, here is my question; is it possible for the call manager to integrate with two different LDAP systems in the same time to provision and authenticate end users’ account? I do understand that we can add 2 LDAP directories in CUCM but when it comes to LDAP authentication I can find only 1 possibility is there ???

So any clues ?






Best Regards

Ahmed Abd EL-Rahman
Senior Network Engineer

_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
https://puck.nether.net/mailman/listinfo/cisco-voip
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20170418/0b626234/attachment.html>


More information about the cisco-voip mailing list