CUCM User Management: Managing Users via LDAP

  • What is LDAP?
  • LDAP synchronisation
  • LDAP authentication

Replaces the CUCM local user database with the LDAP database. You get several warnings when enabling this, and a 24-hour buffer is offered to roll back.

CUCM has no write access back to LDAP. This is an import only from LDAP to CUCM.

Passwords don’t come over in the import.

LDAP Authentication gives CUCM the ability to check the password in AD.

System -> LDAP

LDAP Server Type – Microsoft Active Directory

Enable Sync from LDAP Server

LDAP Attribute for User ID: sAMAccountName from AD

*Serviceability -> Tools -> Service Activation -> Cisco DirSync must be enabled!

LDAP -> LDAP Directory

Add new LDAP directory

Existing End Users will be deleted! (After 24 hours)

Configure LDAP! Requires LDAP knowledge


‘Sync Agreement’ has to be set up

LDAP Manager Distinguished Name: Powerful user from AD (CUCM only reads from LDAP, so what the sync uses is read access to the search base):
CN=Dean Babbage,CN=SD Admin Accounts,DC=centra,DC=local

*Talk to the Microsoft guy!

LDAP User Search Base: Where to pull accounts from?

LDAP Schedule to be defined

User Fields to match AD attributes

LDAP Server: Domain Controller in AD

‘Perform Full Sync Now’ runs a manual sync

Inactive status means the user is in the 24-hour window for deletion
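A pre-check worth running before the first full sync, as an added example (not from the original notes and not Cisco code): it previews which existing CUCM end users would end up Inactive under a given User Search Base. It assumes a local user is retained when its user ID matches an imported sAMAccountName case-insensitively; the OU names, user IDs and helper names are constructed, and only the DC=centra,DC=local suffix comes from the notes above.

```python
# Added example: all directory entries and user IDs below are constructed.

def rdns(dn):
    """Split a DN into lower-cased RDNs, honouring backslash-escaped commas."""
    parts, cur, esc = [], "", False
    for ch in dn:
        if ch == "," and not esc:
            parts.append(cur)
            cur = ""
        else:
            cur += ch
        esc = (ch == "\\" and not esc)
    parts.append(cur)
    return [p.strip().lower() for p in parts]

def in_search_base(dn, base):
    """True if dn sits strictly below the LDAP User Search Base."""
    d, b = rdns(dn), rdns(base)
    return len(d) > len(b) and d[-len(b):] == b

def preview_sync(local_user_ids, ad_entries, search_base):
    """Return (retained, inactive) CUCM user IDs for a planned sync.

    Assumption: a local user survives only if its ID matches the
    sAMAccountName of an entry under the search base (case-insensitive).
    """
    imported = {e["sAMAccountName"].lower() for e in ad_entries
                if e.get("sAMAccountName") and in_search_base(e["dn"], search_base)}
    kept = sorted(u for u in local_user_ids if u.lower() in imported)
    inactive = sorted(u for u in local_user_ids if u.lower() not in imported)
    return kept, inactive

SEARCH_BASE = "OU=Staff,DC=centra,DC=local"  # constructed OU under the notes' domain
AD_ENTRIES = [  # constructed stand-in for an AD export (dn + sAMAccountName)
    {"dn": "CN=Alice Example,OU=Staff,DC=centra,DC=local", "sAMAccountName": "aexample"},
    {"dn": "CN=Bob Example,OU=Sales,OU=Staff,DC=centra,DC=local", "sAMAccountName": "bexample"},
    {"dn": "CN=Example\\, Carol,OU=Staff,DC=centra,DC=local", "sAMAccountName": "cexample"},
    {"dn": "CN=Svc Backup,OU=Service Accounts,DC=centra,DC=local", "sAMAccountName": "svc-backup"},
]
LOCAL_USERS = ["AExample", "bexample", "cexample", "svc-backup", "localadmin"]  # constructed

if __name__ == "__main__":
    kept, inactive = preview_sync(LOCAL_USERS, AD_ENTRIES, SEARCH_BASE)
    print("retained:", kept)
    print("would go Inactive (deleted after 24 hours):", inactive)
```

Anything in the second list either needs an AD account under the search base or a wider search base before the sync runs.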

LDAP Authentication Enable

LDAP Distinguished Name as above

Easy to enable