Cisco Unified Communications Manager LDAP Integration Question

We use CUCM 7.1 and have been integrated to AD via LDAP Sync for years. The LDAP User Search Base is specific - like this..

OU=USERS, OU=ACME, DC=COYOTE, DC=LOCAL

The Sys admins started migrating over some users to another OU in order to accommodate migration to Exchange 2013. Let's call it..

OU=EX13USERS, OU=ACME, DC=COYOTE, DC=LOCAL

The problem is that on the CIsco phone (7945G) - if I press Corporate Directory I can no longer find anyone in the EX13USERS OU 0- only those still in OU USERS.

If I tried to sync from a point higher in the tree say  OU=ACME, DC=COYOTE, DC=LOCAL - would that succeed in importing all users from all OU's below it? Or any way to sync from two or more separate specific OU's e.g.
OU=EX13USERS, OU=ACME, DC=COYOTE, DC=LOCAL  ..AND.. OU=USERS, OU=ACME, DC=COYOTE, DC=LOCAL

Thank you.
LVL 1
amigan_99Network EngineerAsked:
Who is Participating?
 
José MéndezConnect With a Mentor Commented:
Yes you can create 2 different LDAP directories and point each one to a different OU, although if you point directly to  OU=ACME, DC=COYOTE, DC=LOCAL (which contains EX13USERS and USERS) then Callmanager will search within the OUs inside ACME and sync those accounts.

http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/srnd/8x/uc8x/directry.html#wp1045381

This is not desirable if there are other OUs within ACME that do not contain telephony users. If this is the case, 2 different LDAP directories in Callmanager pointing to different OUs is the preferred method.
0
 
amigan_99Network EngineerAuthor Commented:
Excellent news. Thank you again!
0
 
amigan_99Network EngineerAuthor Commented:
Say a a follow-on if I may..

If I create another LDAP Directory (System/LDAP/LDAP Dir) for syncing - should I also create another
LDAP Authentication (System/LDAP/LDAP Authentication) instance as well? The current LDAP Auth specifies the same LDAP User Search Base as the LDAP Directory entry.
0
Learn to develop an Android App

Want to increase your earning potential in 2018? Pad your resume with app building experience. Learn how with this hands-on course.

 
José MéndezCommented:
You can only have 1 LDAP authentication agreement, that one should point to a DC that knows how to authenticate any user/password passed to Callmanager. In your case, point it to the upper OU that contains the affected inner OUs.
0
 
amigan_99Network EngineerAuthor Commented:
Cool - thanks again.
0
 
José MéndezCommented:
Welcome mate
0
All Courses

From novice to tech pro — start learning today.