Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
14191
Views
0
Helpful
3
Replies

Multiple AD with CUCM and authentiation

viraj0raut
Level 1
Level 1

‎11-24-2015 10:07 PM - edited ‎03-19-2019 10:25 AM

Hello,

We have a deployment that has multiple ADs <5, each with a different domain.

CUCM supports LDAP sync from 5 sources. Can we use this so that CUCM synchronizes with the ADs and authentication uses SSO.

Customer has SSO service from a provider.

Any pointers or whitepapers will be a great help.

Regards

Viraj

0 Helpful
3 Replies 3

IngoJuergensmann
Level 5
Level 5

‎11-26-2015 12:28 AM

Hi Viraj!

You question indicates that you are running on an older version of CUCM. In newer CUCM versions you can have more than 5 LDAP directories. Currently our CUCM 10.5 has 11 LDAP connections.

However you can only have one LDAP directory connection for authentication (at least in 10.5, don't know about 11.x).

If you want to have users authenticate from multiple ADs/LDAPs, you will need some kind of metadirectory inbetween. We have evaluated ESTOS Metadirectory, but the decision was back then to go with two separated CUCM installations and a common Prime License Manager for both installations.

No idea how SSO relates to this.

0 Helpful

viraj0raut
Level 1
Level 1
In response to IngoJuergensmann

‎11-30-2015 09:00 AM

Thank you, this is a great help.

We plan to use the multiple LDAP sources functionality of CUCM 10.x onward. However since authentication on CUCM LDAP config can only authenticate with one source, we plan to use SSO feature in CUCM to authenticate users from the various ADs using a single iDP such as ADFS.

Regards

Viraj

0 Helpful

Drazen Juran
Level 1
Level 1

‎12-14-2015 11:15 PM

Hello,

You can use multiple AD authentication but you need to use LDAP PROXY.

All connections for authentication to go through a proxy LDAP and LDAP sync goes directly to the AD controller server. You can try for example: https://www.netiq.com/products/ldap-proxy/ . We use custom made LDAP PROXY and it work perfect.

Regards

Drazen

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents