In the last article we saw how to set up Microsoft Active Directory for LDAP integration with CUCM. There is an awesome feature in the LDAP configuration called LDAP Custom Filter that lets you select exactly which users are imported by means of an LDAP query against AD.
An LDAP search filter (LDAP Custom Filter) lets you selectively sync users from the corporate directory and optimizes directory synchronization performance.
Only the users who meet specific criteria (e.g. the ipPhone field) will be imported to the Call Manager. A proper LDAP query has some syntax that you would normally have to remember. But with the Microsoft Active Directory LDAP search feature (the LDAP query tool for Active Directory) you are not required to learn any query syntax; everything can be generated from Microsoft AD itself.
The LDAP search mechanism performed by CUCM is defined by RFC 4510; CUCM may send a request to retrieve data from the LDAP server.
Let’s get into the LDAP Custom Filter configuration for CUCM.
Aim: There is a field called ‘IP phone’ in the LDAP user attributes. We are going to populate that field with the user's extension number and import only the users who have an IP phone entry. Any user without a value in the IP phone field will not be synced with CUCM.
Step 1: Generate LDAP Query or LDAP Custom Filter Syntax
Open Microsoft Active Directory (AD) and go to ‘Saved Queries’ at the top left corner.
Right click New >> Query
Enter some name and description for your query and click ‘Define Query’
- Find: Custom Search
- Field: User >> IP Phone Number
- Condition: Present
This will generate a script (the LDAP search query). Copy the script and click OK.
[Note: This LDAP Query script will be used in the Call Manager.]
You can see the result of the query: only the users that have the IP phone field populated are displayed on the right side. Here I can see only one user since I have populated the ‘IP Phone’ entry for this particular user.
Step 2: Configure LDAP Custom Filter in Call Manager
Open your Call Manager Administration interface and go to System >> LDAP >> LDAP Custom Filter >> Add New
- Name: LDAP_FILTER_IP_PHONE
- Filter: (&(objectCategory=user)(objectClass=user)(ipPhone=*))
[Note: This is the filter script that we obtained in Step 1.]
Step 3: Call the LDAP Custom Filter from LDAP Directory Configuration
Go to LDAP Directory Configuration (System >> LDAP >> LDAP Directory) and open it.
In the ‘LDAP Custom Filter for Users’ field, select the ‘LDAP_FILTER_IP_PHONE’ filter created in Step 2.
Now perform a Full Sync, then verify the users by going to User Management >> End User >> Find.
Here only the users with IP Phone entries will be replicated.
[Note: Previously imported users will not be deleted; they will still exist in the database. You can manually delete them if required.]
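To see why each clause of the Step 2 filter matters before running a Full Sync, the following added example (not part of the original article and not Cisco or Microsoft code) evaluates the filter against a few constructed directory entries. The names parse, matches, preview and ENTRIES are hypothetical, the entries are made up for illustration, and the evaluator goes slightly beyond the article's single filter by also handling the OR and NOT operators.

```python
# Added example: evaluates &, |, !, attr=value and attr=* filters (no substrings).
FILTER = "(&(objectCategory=user)(objectClass=user)(ipPhone=*))"  # from Step 2
# Constructed entries; storing objectCategory as a short name is an assumption.
ENTRIES = [
    {"sAMAccountName": ["alice"], "objectCategory": ["user"],
     "objectClass": ["top", "person", "user"], "ipPhone": ["1001"]},
    {"sAMAccountName": ["bob"], "objectCategory": ["user"],
     "objectClass": ["top", "person", "user"], "ipPhone": []},  # no value set
    {"sAMAccountName": ["PC01$"], "objectCategory": ["computer"],
     "objectClass": ["top", "person", "user", "computer"], "ipPhone": ["1999"]},
]

def parse(f, i=0):
    """Parse the filter that starts at f[i]; return (node, next_index)."""
    if f[i:i + 1] != "(":
        raise ValueError(f"expected '(' at position {i}")
    op = f[i + 1:i + 2]
    if op and op in "&|!":
        i, kids = i + 2, []
        while f[i:i + 1] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i:i + 1] != ")" or not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"malformed '{op}' group")
        return (op, kids), i + 1
    end = f.index(")", i)  # str.index raises ValueError when unbalanced
    attr, sep, value = f[i + 1:end].partition("=")
    if not sep or not attr:
        raise ValueError(f"malformed item at position {i}")
    return ("=", attr.lower(), value), end + 1

def matches(node, entry):
    if node[0] in "&|":
        results = [matches(k, entry) for k in node[1]]
        return all(results) if node[0] == "&" else any(results)
    if node[0] == "!":
        return not matches(node[1][0], entry)
    values = entry.get(node[1], [])
    if node[2] == "*":  # presence test: at least one value is set
        return bool(values)
    return any(v.lower() == node[2].lower() for v in values)

def preview(filter_text, entries):
    """Return the sAMAccountName of every entry the filter would select."""
    node, end = parse(filter_text)
    if end != len(filter_text):
        raise ValueError("trailing characters after filter")
    lowered = [{k.lower(): v for k, v in e.items()} for e in entries]
    return [e["samaccountname"][0] for e in lowered if matches(node, e)]
```

With the constructed entries, the full filter selects only alice, while a bare (ipPhone=*) would also select the computer account PC01$.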
Now we are done with our LDAP custom filter configuration in CUCM. Hope you guys enjoyed the article, and feel free to ask your doubts. Like our Facebook page to get the latest updates.