pat-cv at wcyv
Apr 10, 2012, 8:55 PM
Post #2 of 2
(352 views)
Permalink
|
|
Re: Unity Connection Integrate with LDAP Directory
[In reply to]
|
|
1. It would depend on the exact process that was used to migrate. To get
the existing users to show up as bulk integrated, take a look at this doc:
http://www.cisco.com/en/US/docs/voice_ip_comm/connection/8x/user_mac/guide/8xcucmac105.html#wp1074612
2. No, see design guide:
http://www.cisco.com/en/US/docs/voice_ip_comm/connection/8x/design/guide/8xcucdg040.html
"To protect the integrity of data in the LDAP directory, you cannot use
Connection tools to change any of the values that you import."
3. Yes, see design guide:
http://www.cisco.com/en/US/docs/voice_ip_comm/connection/8x/design/guide/8xcucdg040.html
"When the LDAP user account for a Connection user is disabled or deleted,
or if an LDAP directory configuration is deleted from the Connection
system, the following occurs:
*1. *Initially, when Connection users try to sign in to a Connection web
application, LDAP authentication fails because Connection is still trying
to authenticate against the LDAP directory.
If you have multiple LDAP directory configurations accessing multiple LDAP
user search bases, and if only one configuration was deleted, only the
users in the associated user search base are affected. Users in other user
search bases are still able to sign in to Connection web applications.
*2. *At the first scheduled synchronization, users are marked as "LDAP
inactive" in Connection.
Attempts to sign in to Connection web applications continue to fail.
*3. *At the next scheduled synchronization that occurs at least 24 hours
after users are marked as "LDAP inactive," all Connection users whose
accounts were associated with LDAP accounts are converted to Connection
standalone users.
For each Connection user, the password for Connection web applications and
for IMAP email access to Connection voice messages becomes the password
that was stored in the Connection database when the user account was
created. (This is usually the password in the user template that was used
to create the user.) Connection users do not know this password, so an
administrator must reset it.
The numeric password (PIN) for the telephone user interface and the voice
user interface remains unchanged.
Note the following regarding Connection users whose LDAP user accounts were
disabled or deleted, or who were synchronized via an LDAP directory
configuration that was deleted from Connection:
•The users can continue to sign in to Connection by phone during the period
in which Connection is converting them from an LDAP-synchronized user to a
standalone user.
•Their messages are not deleted.
•Callers can continue to leave messages for these Connection users."
On Tue, Apr 10, 2012 at 9:58 AM, Jeff Ruttman <ruttmanj [at] carewisc> wrote:
> Greetings,****
>
> ** **
>
> A consultant migrated us from old Unity to Unity Connection. We are setup
> to LDAP sync with Active Directory once per day, and it works fine. ****
>
> ** **
>
> New folks get synced into UConn and the LDAP Integration status is set TO
> integrate with LDAP. However the bulk of our users who were all migrated
> to UConn have LDAP Integration status set to NOT integrate with LDAP. That
> seems like an odd configuration to me.****
>
> ** **
>
> **1. **Is the NOT integrate status due to the migration itself? Or
> could the consultant have chosen to have migrated users integrated?****
>
> **2. **If a user is set TO integrate, will changing sync-ed fields
> in UConn in turn change them in AD?****
>
> **3. **If a user is set to NOT integrate, and we delete them out of
> AD, the user remains in UConn, right?****
>
> ** **
>
> Thanks****
>
> jeff****
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip [at] puck
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
>
|
