|
Home > Archive > Voice over IP Cisco > December 2007 > LDAP Search Refinement
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
LDAP Search Refinement
|
|
| Matthew J. Hughes 2007-12-20, 7:11 pm |
| We are implementing CCM6 on campus and now using our Active Directory for
logins for CCMusers, and for the directory. The AD was not designed to be
CCM friendly so it has OUs that are not wanted, and users in the groups that
don't have a phone associated with them. It is possible I suppose to mess
with the AD structure and move unwanted users to alternate OUs, but this
shouldn't be necessary. You can define a "LDAP User Search Base" but my
understanding is you can not put refined search criteria in this field. I
want to only get the AD users that have a 4 digit extension listed in the
IPPHONE field of LDAP. I don't see a way to do this in CCM Admin. Are
any of you familiar with LDAP enough to give guidance? All I could think to
do is have a intermediary LDAP "Gateway" the gateway(OPEN LDAP, etc..) will
sync with AD getting only the users I want, CCM6 would then sync with the
Gateway. Downside is we have to maintain a different LDAP server just for
this purpose. Any Ideas?
| |
| Scott Voll 2007-12-20, 7:11 pm |
| With CM 4.1 this isn't possible to my knownledge. What you can do is just
put your users with extensions in one container and then aim your LDAP to
that Container. Might be the easiest.
Scott
On Dec 20, 2007 3:33 PM, Matthew J. Hughes <mattjhughes@gmail.com> wrote:
> We are implementing CCM6 on campus and now using our Active Directory for
> logins for CCMusers, and for the directory. The AD was not designed to be
> CCM friendly so it has OUs that are not wanted, and users in the groups that
> don't have a phone associated with them. It is possible I suppose to mess
> with the AD structure and move unwanted users to alternate OUs, but this
> shouldn't be necessary. You can define a "LDAP User Search Base" but my
> understanding is you can not put refined search criteria in this field. I
> want to only get the AD users that have a 4 digit extension listed in the
> IPPHONE field of LDAP. I don't see a way to do this in CCM Admin. Are
> any of you familiar with LDAP enough to give guidance? All I could think to
> do is have a intermediary LDAP "Gateway" the gateway(OPEN LDAP, etc..) will
> sync with AD getting only the users I want, CCM6 would then sync with the
> Gateway. Downside is we have to maintain a different LDAP server just for
> this purpose. Any Ideas?
>
> ________________________________________
_______
> cisco-voip mailing list
> cisco-voip@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
| |
| Bill Simon 2007-12-21, 1:12 am |
| We made a custom directory lookup script to search against our
non-CCM-like LDAP.
http://www.personal.psu.edu/wcs131/...and_dial_1.html
Feel free to take the code and work it into your environment.
Matthew J. Hughes wrote:
> We are implementing CCM6 on campus and now using our Active Directory
> for logins for CCMusers, and for the directory. The AD was not
> designed to be CCM friendly so it has OUs that are not wanted, and users
> in the groups that don't have a phone associated with them. It is
> possible I suppose to mess with the AD structure and move unwanted users
> to alternate OUs, but this shouldn't be necessary. You can define a
> "LDAP User Search Base" but my understanding is you can not put refined
> search criteria in this field. I want to only get the AD users that have
> a 4 digit extension listed in the IPPHONE field of LDAP. I don't see a
> way to do this in CCM Admin. Are any of you familiar with LDAP enough
> to give guidance? All I could think to do is have a intermediary LDAP
> "Gateway" the gateway(OPEN LDAP, etc..) will sync with AD getting only
> the users I want, CCM6 would then sync with the Gateway. Downside is we
> have to maintain a different LDAP server just for this purpose. Any
> Ideas?
| |
| Jonathan Charles 2007-12-21, 1:12 am |
| Place your phone users into an OU that you can specify as your search
base.... Other than that there is no way to filter...
Jonathan
On Dec 20, 2007 5:33 PM, Matthew J. Hughes <mattjhughes@gmail.com> wrote:
>
>
> We are implementing CCM6 on campus and now using our Active Directory for
> logins for CCMusers, and for the directory. The AD was not designed to be
> CCM friendly so it has OUs that are not wanted, and users in the groups that
> don't have a phone associated with them. It is possible I suppose to mess
> with the AD structure and move unwanted users to alternate OUs, but this
> shouldn't be necessary. You can define a "LDAP User Search Base" but my
> understanding is you can not put refined search criteria in this field. I
> want to only get the AD users that have a 4 digit extension listed in the
> IPPHONE field of LDAP. I don't see a way to do this in CCM Admin. Are
> any of you familiar with LDAP enough to give guidance? All I could think to
> do is have a intermediary LDAP "Gateway" the gateway(OPEN LDAP, etc..) will
> sync with AD getting only the users I want, CCM6 would then sync with the
> Gateway. Downside is we have to maintain a different LDAP server just for
> this purpose. Any Ideas?
> ________________________________________
_______
> cisco-voip mailing list
> cisco-voip@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
| |
|
|
| Jonathan Charles 2007-12-21, 1:11 pm |
| Where do you do that?
Jonathan
On Dec 21, 2007 9:14 AM, Wes Sisk <wsisk@cisco.com> wrote:
>
> Matthew,
>
> For CM5.x and 6.x there is an ldap filtering mechanism that allows you to
> filter on user attributes. So if you can set a 'valid' attribute on all of
> your valid users, you can then setup an ldap filter for CM that only imports
> those valid users. It will be some leg work, but it is possible. I will
> pass you the instructions offline.
>
> /Wes
>
> Matthew J. Hughes wrote:
>
>
> We are implementing CCM6 on campus and now using our Active Directory for
> logins for CCMusers, and for the directory. The AD was not designed to be
> CCM friendly so it has OUs that are not wanted, and users in the groups that
> don't have a phone associated with them. It is possible I suppose to mess
> with the AD structure and move unwanted users to alternate OUs, but this
> shouldn't be necessary. You can define a "LDAP User Search Base" but my
> understanding is you can not put refined search criteria in this field. I
> want to only get the AD users that have a 4 digit extension listed in the
> IPPHONE field of LDAP. I don't see a way to do this in CCM Admin. Are
> any of you familiar with LDAP enough to give guidance? All I could think to
> do is have a intermediary LDAP "Gateway" the gateway(OPEN LDAP, etc..) will
> sync with AD getting only the users I want, CCM6 would then sync with the
> Gateway. Downside is we have to maintain a different LDAP server just for
> this purpose. Any Ideas? ________________________________
>
>
> ________________________________________
_______
> cisco-voip mailing list
> cisco-voip@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
> ________________________________________
_______
> cisco-voip mailing list
> cisco-voip@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
| |
|
| On Dec 21, 2007 5:22 PM, Jonathan Charles <jonvoip@gmail.com> wrote:
> Where do you do that?
>
Yup, maybe Wes can update the list with those pointers. Also, how
would you go about updating those users and associating them with
their Device Profiles using BAT ??
Thnx
| |
| Jonathan Charles 2007-12-21, 1:11 pm |
| Update users... in BAT...
And on the BAT file just fill out username and Controlled
Device/Profile 1 (you will need to change Number of Controlled
Devices/Profiles from 0 to 1 first) and then BAT it in...
Jonathan
On Dec 21, 2007 9:31 AM, Lemon <lemon@lemon.za.net> wrote:
> On Dec 21, 2007 5:22 PM, Jonathan Charles <jonvoip@gmail.com> wrote:
>
> Yup, maybe Wes can update the list with those pointers. Also, how
> would you go about updating those users and associating them with
> their Device Profiles using BAT ??
>
> Thnx
>
> ________________________________________
_______
> cisco-voip mailing list
> cisco-voip@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
|
|
|
|
|