Information Technology Reference
In-Depth Information
Table 9-3
LDAP User Attribute Mapping
CUCM
Microsoft AD
Other Supported LDAP
User ID
sAMAccountName
mail
employeeNumber
telephoneNumber
UserPrincipalName
uld
mail
employeeNumber
telephonePhone
First Name
givenName
Givenname
Middle Name
middleName
initials
Initials
Last Name
sn
sn
Manager ID
manager
manager
Department
department
department
Phone Number
telephoneNumber
ipPhone
telephonenumber
Mail ID
mail
sAMAccountName
mail
uld
LDAP Sync Requirements and Behavior
Keep these points in mind when planning and
implementing an LDAP Sync:
The data in the LDAP attribute that is mapped to the CUCM User ID field must be
unique in the LDAP (and therefore CUCM) database. Some LDAP fields allow dupli-
cate entries, but the CUCM User ID must be unique, so it is necessary to verify that
the LDAP data is unique before the Sync agreement is built.
■
The
sn
attribute (surname/last name) in LDAP must be populated with data or the
record will not be replicated to CUCM.
■
If the LDAP attribute that maps to the CUCM
User ID
attribute contains the same
data as an existing Application User in CUCM, that entry is skipped and not im-
ported into the CUCM database.
■
LDAP Sync Agreements
An LDAP Sync agreement defines what part of the LDAP directory will be searched for
user accounts. Many LDAP systems have a highly organized structure, with different con-
tainers for different functions, departments, locations, or privileges. The synchronization
agreement specifies at which point in the tree the search for user accounts will begin.
CUCM has access to the container specified in the agreement, and all levels below that in
the tree; it cannot search higher up the tree than the start point, nor can it search across to
