[cisco-voip] Automatically exporting just the DN and description fields

Ben Amick bamick at HumanArc.com
Fri Sep 1 14:29:55 EDT 2017


Those all sound like wonderfully useful scripts. Especially that second one, I have some helpdesk guys who sometimes cause more harm than good with their troubleshooting.

I legitimately don't know how to deal with that Unity issue though, it's a bit agitating since I don't know of any reason my staff should be touching the OU membership of users to cause them to drop off the LDAP sync.

All these different scripting cases really make me wish I knew of a huge github repository for UC, like there is with Powershell and other dev centric things.

-----Original Message-----
From: cisco-voip [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Pawlowski, Adam
Sent: Friday, September 1, 2017 2:22 PM
To: cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] Automatically exporting just the DN and description fields

Lelio,

I guess it depends on your approach and your security perspective like another poster here mentioned.

In UCM 11.5 there is supposed to be an AXL Read Only role, so while you could potentially leak data with this role, you would not have too much trouble damage.

I use a specific application user credential with AXL access for some of my UCM scripts. I wrote one that lets us prowl through devices, combined with network and phone statistics from another server, which was written in Perl - using this credential.

Others are more "interactive" - I have a series of scripts that I use for other purposes and I intake credentials at the shell for those:

 - Bulk setting user profiles, setting self-service IDs to match Primary Extension if not set, bulk enabling for IM and Presence
 - Trolling through user and device objects and looking for settings that are deviant or updating them
 - Searching for speed dial, BLF, or lines by "label" (still can't do this from the Admin application for whatever reason)

I use the AXL API for this and have tried my best to stay away from the SQL functions, using the documented functions though they don't always work as expected.

Unity Connection's API is significantly worse for a lot of operations, so you do end up having to come through the CLI to run queries (as far as I know) which means I'm not putting the administrator credentials into a file somewhere. I use that one primary to grab user IDs that have voicemail for other operations, or to reset the LDAP integration bubble as Connection will drop users out who disappeared out of sync, and does not pick back up on them when they re-appear. 

In that case I pull a list of users via the CLI since you can't really "search" all of them, check their group membership in LDAP, report, and, if they've dropped out, use JSON to set ldap_type to 3.

Plenty of things out there that can save you a bit of time for bulk operations or even nuance changes.

BTW would you mind if you have a bit of time shooting me a mail on the outcome of running your users through Expressway exclusively for Jabber (I think this was you?) I may have to do that myself.

Best,

Adam Pawlowski
SUNYAB NCS



>Message: 11
>Date: Fri, 1 Sep 2017 02:40:27 +0000
>From: Lelio Fulgenzi <lelio at uoguelph.ca>
>To: Brian Meade <bmeade90 at vt.edu>
>Cc: Stephen Welsh <stephen.welsh at unifiedfx.com>, cisco-voip
>	<cisco-voip at puck.nether.net>
>Subject: Re: [cisco-voip] Automatically exporting just the DN and
>	Description fields
>Message-ID: <DD831C09-8829-4198-B02A-ED0E0D0E33EE at uoguelph.ca>
>Content-Type: text/plain; charset="utf-8"
>
>Agreed. Amazing. This might actually give me what I need to start thinking about programming some scripts.
>
>Silly question though.
>
>Passwords. Do you store these in your scripts? Do you pass them via an argument read from a file? How do you ensure this password is not "revealed" to those who shouldn't see it?



_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
http://cp.mcafee.com/d/avndy0Ad6QnXI9CzCWbb9KVJ55BZBcsehd79J55BZBcsY-Orhhpvuv7ffK6Qkn3hOqerTKzsSgRmlyEa9JGX3oSVsSjrlS6NJOVJxZ_jhPFEVvW_6zCWbdTSeLsKCOqerYy-OeLstvG8FHnjlKM_OEuvkzaT0QSyrhdTWWaqr9EVKDsQsCXCOsVHkiP5CX5u1FfUY3s4RtxxYGjB1SKmBiRiVCIBztFkJkKpH9oKgGT2TQ1iPtyL0QDYu1FJNYsCr1vF6y0QJSBiRiVCIBziWq811KtltDaSDDBzh1UuJmcVg8Cy0hrFcQgj9-q80U66y3o86y13Wmz9qsGMd43ILfgEr7fC-h3xuy0QYuv


Confidentiality Note: This message is intended for use only by the individual or entity to which it is addressed and may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient or the employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please contact the sender immediately and destroy the material in its entirety, whether electronic or hard copy. Thank you


More information about the cisco-voip mailing list