We are implementing CCM6 on campus and now using our Active Directory for
logins for CCMusers, and for the directory.   The AD was not designed to be
CCM friendly so it has OUs that are not wanted, and users in the groups that
don't have a phone associated with them.  It is possible I suppose to mess
with the AD structure and move unwanted users to alternate OUs, but this
shouldn't be necessary.    You can define a "LDAP User Search Base" but my
understanding is you can not put refined search criteria in this field. I
want to only get the AD users that have a 4 digit extension listed in the
IPPHONE field of LDAP.   I don't see a way to do this in CCM Admin.   Are
any of you familiar with LDAP enough to give guidance?  All I could think to
do is have a intermediary LDAP "Gateway"  the gateway(OPEN LDAP, etc..) will
sync with AD getting only the users I want, CCM6 would then sync with the
Gateway.  Downside is we have to maintain a different LDAP server just for
this purpose.   Any Ideas?

[ Post a follow-up to this message ]

With CM 4.1 this isn't possible to my knownledge.  What you can do is just
put your users with extensions in one container and then aim your LDAP to
that Container.  Might be the easiest.

Scott

On Dec 20, 2007 3:33 PM, Matthew J. Hughes <mattjhughes@gmail.com> wrote:

> We are implementing CCM6 on campus and now using our Active Directory for
> logins for CCMusers, and for the directory.   The AD was not designed to b
e
> CCM friendly so it has OUs that are not wanted, and users in the groups th
at
> don't have a phone associated with them.  It is possible I suppose to mess
> with the AD structure and move unwanted users to alternate OUs, but this
> shouldn't be necessary.    You can define a "LDAP User Search Base" but my
> understanding is you can not put refined search criteria in this field. I
> want to only get the AD users that have a 4 digit extension listed in the
> IPPHONE field of LDAP.   I don't see a way to do this in CCM Admin.   Are
> any of you familiar with LDAP enough to give guidance?  All I could think 
to
> do is have a intermediary LDAP "Gateway"  the gateway(OPEN LDAP, etc..) wi
ll
> sync with AD getting only the users I want, CCM6 would then sync with the
> Gateway.  Downside is we have to maintain a different LDAP server just for
> this purpose.   Any Ideas?
>
>  ________________________________________
_______
> cisco-voip mailing list
> cisco-voip@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>

[ Post a follow-up to this message ]

We made a custom directory lookup script to search against our
non-CCM-like LDAP.
http://www.personal.psu.edu/wcs131/...>
_dial_1.html

Feel free to take the code and work it into your environment.

Matthew J. Hughes wrote:
> We are implementing CCM6 on campus and now using our Active Directory
> for logins for CCMusers, and for the directory.   The AD was not
> designed to be CCM friendly so it has OUs that are not wanted, and users
> in the groups that don't have a phone associated with them.  It is
> possible I suppose to mess with the AD structure and move unwanted users
> to alternate OUs, but this shouldn't be necessary.    You can define a
> "LDAP User Search Base" but my understanding is you can not put refined
> search criteria in this field. I want to only get the AD users that have
> a 4 digit extension listed in the IPPHONE field of LDAP.   I don't see a
> way to do this in CCM Admin.   Are any of you familiar with LDAP enough
> to give guidance?  All I could think to do is have a intermediary LDAP
> "Gateway"  the gateway(OPEN LDAP, etc..) will sync with AD getting only
> the users I want, CCM6 would then sync with the Gateway.  Downside is we
> have to maintain a different LDAP server just for this purpose.   Any
> Ideas?

[ Post a follow-up to this message ]

Place your phone users into an OU that you can specify as your search
base.... Other than that there is no way to filter...


Jonathan

On Dec 20, 2007 5:33 PM, Matthew J. Hughes <mattjhughes@gmail.com> wrote:
>
>
> We are implementing CCM6 on campus and now using our Active Directory for
> logins for CCMusers, and for the directory.   The AD was not designed to b
e
> CCM friendly so it has OUs that are not wanted, and users in the groups th
at
> don't have a phone associated with them.  It is possible I suppose to mess
> with the AD structure and move unwanted users to alternate OUs, but this
> shouldn't be necessary.    You can define a "LDAP User Search Base" but my
> understanding is you can not put refined search criteria in this field. I
> want to only get the AD users that have a 4 digit extension listed in the
> IPPHONE field of LDAP.   I don't see a way to do this in CCM Admin.   Are
> any of you familiar with LDAP enough to give guidance?  All I could think 
to
> do is have a intermediary LDAP "Gateway"  the gateway(OPEN LDAP, etc..) wi
ll
> sync with AD getting only the users I want, CCM6 would then sync with the
> Gateway.  Downside is we have to maintain a different LDAP server just for
> this purpose.   Any Ideas?
>  ________________________________________
_______
> cisco-voip mailing list
> cisco-voip@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>

[ Post a follow-up to this message ]

________________________________________
_______
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip

[ Post a follow-up to this message ]

Where do you do that?


Jonathan

On Dec 21, 2007 9:14 AM, Wes Sisk <wsisk@cisco.com> wrote:
>
>  Matthew,
>
>  For CM5.x and 6.x there is an ldap filtering mechanism that allows you to
> filter on user attributes.  So if you can set a 'valid' attribute on all o
f
> your valid users, you can then setup an ldap filter for CM that only impor
ts
> those valid users.  It will be some leg work, but it is possible.  I will
> pass you the instructions offline.
>
>  /Wes
>
>  Matthew J. Hughes wrote:
>
>
> We are implementing CCM6 on campus and now using our Active Directory for
> logins for CCMusers, and for the directory.   The AD was not designed to b
e
> CCM friendly so it has OUs that are not wanted, and users in the groups th
at
> don't have a phone associated with them.  It is possible I suppose to mess
> with the AD structure and move unwanted users to alternate OUs, but this
> shouldn't be necessary.    You can define a "LDAP User Search Base" but my
> understanding is you can not put refined search criteria in this field. I
> want to only get the AD users that have a 4 digit extension listed in the
> IPPHONE field of LDAP.   I don't see a way to do this in CCM Admin.   Are
> any of you familiar with LDAP enough to give guidance?  All I could think 
to
> do is have a intermediary LDAP "Gateway"  the gateway(OPEN LDAP, etc..) wi
ll
> sync with AD getting only the users I want, CCM6 would then sync with the
> Gateway.  Downside is we have to maintain a different LDAP server just for
> this purpose.   Any Ideas? ________________________________
>
>
>  ________________________________________
_______
> cisco-voip mailing list
> cisco-voip@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
>  ________________________________________
_______
> cisco-voip mailing list
> cisco-voip@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>

[ Post a follow-up to this message ]

On Dec 21, 2007 5:22 PM, Jonathan Charles <jonvoip@gmail.com> wrote:
> Where do you do that?
>

Yup, maybe Wes can update the list with those pointers. Also, how
would you go about updating those users and associating them with
their Device Profiles using BAT ??

Thnx

[ Post a follow-up to this message ]

Update users... in BAT...

And on the BAT file just fill out username and Controlled
Device/Profile 1 (you will need to change Number of Controlled
Devices/Profiles from 0 to 1 first) and then BAT it in...



Jonathan

On Dec 21, 2007 9:31 AM, Lemon <lemon@lemon.za.net> wrote:
> On Dec 21, 2007 5:22 PM, Jonathan Charles <jonvoip@gmail.com> wrote: 
>
> Yup, maybe Wes can update the list with those pointers. Also, how
> would you go about updating those users and associating them with
> their Device Profiles using BAT ??
>
> Thnx
>
>  ________________________________________
_______
> cisco-voip mailing list
> cisco-voip@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>

[ Post a follow-up to this message ]