cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
975
Views
5
Helpful
5
Replies

CUPI.NET - meaning of LdapType.Unknown

stephan.steiner
Spotlight
Spotlight

Hi

What's the meaning of LdapType.Unknown in a FullUser? The name seems to suggest something undefinied - which I'm sure it isn't.

In fact, looking at the wiki, 3 isn't even a valid valid for LdapType: http://docwiki.cisco.com/wiki/Cisco_Unity_Connection_Provisioning_Interface_(CUPI)_API_--_User_API, so I'd expect my mailboxes to return 1. Users without ldap sync properly return LdapType.None (0), and if I have a user whose ldap integration is inactive, it properly returns LdapType.Inactive (1).

I haven't checked the source yet, but something is off. Could it be that it's a binary add, so if a user that does authentication and is integrated, we have 0x01 & 0x10 = 0x10 and thus it's merely the "Unknown" that has me confused and it really means "the user is active and also does ldap authentication"

5 Replies 5

lindborg
Cisco Employee
Cisco Employee

0,1,2,4 and the only legal values but there was a data dictionary floating around at one point that had 3 (combo of 1 and 2) for synch and authenticate - I don't think that ever saw the light of day as a concept so I just left 3 defined and put it as unknown. 

stephan.steiner
Spotlight
Spotlight

But why are all my users that are synced and can authenticate the value 3? That seems to suggest that this value is alive and kicking. Unknown just really threw me given that everything is fine and proper with those users.

Looking at the data dictionary for 10.5.2 (included in CUDLI if you're interested) the LdapType has this entry:

Type Name: LdapType

Description: LDAP configuration information for a user.

Values:

Value: 0

Name: None

Description: User does not have LDAP enabled.

Value: 1

Name: Sync

Description: LDAP synchronization enabled.

Value: 2

Name: Authenticate

Description: LDAP authentication enabled.

Value: 4

Name: Inactive

Description: LDAP is enabled but temporarily inactive for the user.

=============

So 3 is a combination of 1 and 2 (bit flag field) - hence no entry for 3 explicitly.  I pull most of the descriptions right from the data dictionary, hence the 3 not being explicitly called out. 

So my suspicions were correct (I didn't bother checking CUDLI though as you know I've been horsing around with it a bit )

Shouldn't the enum then maybe be renamed to something like AuthenticationAndSync so that it is more descriptive (given that there's no official name something has to be made up). The name of the value 3 first threw me and I suppose I'm no the only one.

ghinson
Level 1
Level 1

I ran across this thread while attempting to extract data from a Unity Connection system via the CUPI API and I stumbled on the LdapType=3 instance. Like others in this thread I referenced the latest CUPI API documentation for an indication of what 3 actually means, and found no reference to 3. In my original setup, my users were LDAP integrated and authenticated. It did appear as if 3 is implied to be the sum of flags of 1(LDAP sync enabled) and 2(LDAP auth enabled) as others have pointed out, however when I disabled the authentication option and ran the API data pull a second time, the LdapType remained at 3 for LDAP-integrated users, with authentication disabled. I tried restarting dirsync and deleting my LDAP integration and re-adding it (with LDAP authentication turned off) and LdapType status for LDAP users remains at 3. Not sure what this means, meaning I guess it could be multiple possibilities for LdapType=3:

a) the LdapType update is sticky and stays at 3 for instances where authentication is currently or previously enabled at any time in the past

b) 3 is the new 1

c) I discovered a new Cisco bug with Unity Connection

d) Having authentication enabled, then later unchecking "Use LDAP Authentication for End Users" requires a cluster-wide reboot before LdapType is updated. This isn't documented anywhere in the notes I could find online so if this is the case, I'm chalking this up to possibility c, above.

 

If anyone else can explain this anomaly, I would be interested in their experience with the CUPI API on this variable.

 

In the meantime, I just added 3 to my if/then logic to note the user as "LDAP Integrated" when LdapType values 1 or 3 are present.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: