LDAP Integration

[mrlugz]

We currently have CUCM 8.6.2 with contact centre express 8.5.1 and unity connection 8.6.2

The system is fully set up and operational, but we would like to integrate with AD.

Has anyone ever done this before?

Anything that may cause an issue, i.e. existing records that arent on AD, fixed telephones that dont have a user assigned to them?

Kind regards

Lugz

 

[whykap]

First off, I highly suggest you read the LDAP integration guide as well as the system guide that refers to LDAP. It will clear a lot of your concerns.
To answer you questions now.
Once you integrate with LDAP, all the local end users (not applications users) will cease to exist.
So you must make sure any account/end user created in UDS directory of call manager is also in LDAP.
If the alias (user id) in call manager is not exactly the same as your LDAP, then anything assigned to that user will not be reassigned to the LDAP account. If they match then you have no worries.
Anything that does not match will need to be redone manually.
Also any uccx specific accounts will need to be recreated in LDAP unless they are application users.
Finally, I urge you to clean up your LDAP before you integrate as at that point call manager relies on LDAP for ALL user information, including their DN. If it is not correct, user directory will be wrong and also your CCX agents will not be able to login.

In version 9.X and later you can have local users in call manager as well as integrate will LDAP but at the version you are at, that feature is not available.

Unless you are 100% sure you know what you are getting into, be very careful as you can break your call center if done wrong. It is simple to do but with quite a few gotchas, so you might want to bring in a consultant to help you get it going or at least prep it.

Let us know if you have additional questions.

 

[mrlugz]

Thanks Wykap, exactly the information I was looking for.

I have read a lot of the Cisco documentation on it, but it doesnt really give you the 'gotchas', typically you get 'do this and it will just work'

The main issue for us is going to be logging on to the phones. From what I can gather, after LDAP integration you have to log on to the phone with your AD credentials. This would cause too many complaints from users.

I am not 100% sure about this and most certainly dont want to break the call centre, so I will be passing on the info and look at getting someone in.

Once again, thanks for taking the time to provide such a detailed response. Its appreciated.

 

[gnrslash4life]

While my LDAP/CUCM integration knowledge is limited, from what I know, while yes, you can set up the config to be that way where users authenticate, its not mandatory. It can authenticate against the CUCM as a whole.

Certifications:
A+
Network+
CCENT
CCNA Voice
TVOICE

 

[whykap]

GNR is correct you can skip ldap authentication and still use local authentication. It kinda defeats the purpose as you will stil have two places to go to support these users each time.

 

[mrlugz]

The main reason for the change is reduce admin overhaeds on the corporate directory, I suppose I could just put an idea forward where evertone has their accounts renamed to dir#@mycompany.com