Cisco Prime Collaboration Provisioning Guide, 9.5
Synchronizing Processors and Domains


There are three types of synchronizations in Provisioning:

Infrastructure Synchronization—Discovers all the objects in Cisco Unified Communications Manager that Provisioning uses and that are not specific to individual subscribers.

Subscriber Synchronization—Discovers all objects related to individual subscribers.

Domain Synchronization—Puts existing subscribers discovered during subscriber synchronization into the Domain and the appropriate Service Area.

To synchronize a processor, you synchronize its infrastructure and subscribers. The infrastructure data is the configuration that must exist on the processor before Provisioning can configure subscriber services.

Synchronizing the data in Cisco Unified Communications Manager and Cisco Unity systems with the Call Processors and Unified Message Processors, and then synchronizing with the Domains, populates Provisioning with the existing active users and services, and provides a consolidated view of all of the infrastructure and subscriber information.

Remember the following before running any synchronization:

Infrastructure and subscriber synchronizations retrieve information from the device. They are unidirectional synchronizations. Provisioning does not update devices during these synchronizations. Infrastructure and subscriber synchronizations should be completed on all devices before a Domain synchronization is started.

You can execute the synchronizations independently and in any order. However, to preserve the integrity of the data, it is recommended that you run the synchronizations consecutively, and in the following order:

a. Infrastructure synchronization.

b. Subscriber synchronization.

After a new Provisioning installation, the infrastructure synchronization must be executed first. You should not run more than one synchronization at a time (Processor or Domain synchronization).

After a Call Processor or Unified Message Processor is created and synchronized, do not change the type of device for the processor. For example, if you create a Call Processor for Cisco Unified Communications Manager, do not change the Call Processor type to Cisco Unified Communications Manager Express.

After a Domain synchronization, you can use Provisioning to directly manage the individual user account. You no longer have to use the underlying Cisco Unified Communications Manager or Cisco Unity systems.

Any out-of-band configurations (meaning configurations that are performed directly on the processor but not synchronized with Provisioning) can result in failed orders. You must always keep Provisioning synchronized with the processors that it is provisioning.

Synchronizing Call Processors

You use the infrastructure synchronization to synchronize the infrastructure data in Provisioning with the Call Processor infrastructure data. The infrastructure synchronization retrieves Call Processor information that is used across multiple subscribers.

For a list of the objects for which Provisioning obtains information, see Cisco Unified Communications Manager Objects that Are Synchronized.

To synchronize call processors:


Step 1 Choose Design > Set Up Devices > Devices Setup > Call Processors.

Step 2 In the Call Processor Configuration page, click View Call Processor.

Step 3 In the search page that appears, select the Call Processor that you require from the listing of Call Processors available.


Note If the Call Processor was synchronized previously, the details are displayed in the Synchronization section.


Step 4 In the Options pane, click Synchronize.

Step 5 You can run an infrastructure or subscriber synchronization. Click Start under the synchronization that you desire.

After the synchronization has completed, the Synchronization section displays the synchronization information.

Step 6 Click Done.

After the Call Processor synchronization completes, a log is created, listing the objects that could not be assigned. It also shows a warning message if an unknown element is received from the Call Processor. This log is replaced each time a Call Processor synchronization occurs.


Note If you see the warning message "Skipped unexpected element," you can ignore it. The message indicates that Provisioning does not support the item that was sent back from Cisco Unified Communications Manager.


Step 7 In the right pane, click View Detailed Synchronization Log.

The View Detailed Synchronization Log link appears only if a warning or error occurs during synchronization. If there are no warnings or errors, it will not appear.

If the status of an infrastructure or subscriber synchronization does not change for an extended period of time, verify that the Nice service is running. If the Nice service is stopped, restart the service and restart the infrastructure or subscriber synchronization.

To manage analog phones, you must update the ipt.properties file. In this file, set dfc.ipt.cisco.callmanager.analog_phone_support to Y, and then run the subscriber synchronization. Restart Provisioning.


For the list of call processor objects that Provisioning synchronizes, see Table 5-1 and Table 5-2.

Cisco Unified Communications Manager Objects that Are Synchronized

Table 5-1 and Table 5-2 list the Cisco Unified Communications Manager objects that are synchronized during an infrastructure and subscriber synchronization in Provisioning.

Table 5-1 Cisco Unified Communications Manager Objects Synchronized During an Infrastructure Synchronization 

AAR Group

Call Park

Calling Search Space

Unified CM Group

Call Pickup Group

Common Device Config

Conference Bridge

Date Time Setting

Device Pool

Device Profile

Dial Plan

Dial Plan Tag

Digit Discard Instruction

Enable Password Router

Gatekeeper

Geo Location

Geo Location Filter

Hunt Group

Hunt List

Hunt Pilot

H323 Gateway

H323 Trunk

Line Group

Location

Media Resource Group

Media Resource List

Meet-Me Number/Pattern

Message Waiting

MOH Audio Source

Phone Profile

Phone Template

Presence Group

Region

Remote Destination Profile

Resource Priority Namespace List

Route Filter

Route Group

Route List

Route Partition

Route Pattern

SIP Trunk

SIP Profile

Softkey Template

SRST

Translation Pattern

UC Service Profile

VG202

VG204

VG224

VGVoicemail Pilot

Voicemail Port

Voicemail Profile


Table 5-2 Cisco Unified Communications Manager Objects Synchronized During a Subscriber Synchronization 

Calling Search Space

Device Pool

Directory Number

IP Phone

License Capabilities

Line

Location

Phone

Remote Destination Profile

Remote Destination Profile Line

User


Troubleshooting Call Processor Synchronization

If you encounter problems when synchronizing Call Processors, you can troubleshoot synchronization.

The Call Processor Configuration page lists items that could not be synchronized from the Cisco Unified Communications Manager device. For example, on the page, you might see the following message:

Completed. But the following objects could not be synchronized: [SecurityProfile, DialPlanTag, SIPTrunk, PhoneTemplate, DigitDiscardInstruction]

Incomplete synchronization can occur because of the following:

Network problems that did not allow the items to be properly synchronized. To determine if this is the cause, analyze the nice.log file. A network problem might be the cause if the file displays the following information:

java.security.PrivilegedActionException:com.sun.xml.messaging.saaj.SOAPExceptionImpl:Message send failed.

Configuration issues with the items. In this case, copy the nice.log file and contact the Cisco Technical Assistance Center (TAC).

Synchronizing Unified Message Processors

You use the infrastructure synchronization to synchronize the unified messaging infrastructure data in Provisioning with the Unified Message Processor.

The infrastructure data consists of the following:

SubscriberTemplate—A Subscriber Template in Cisco Unity, Cisco Unity Connection, and the email message processor.

UnifiedMessagingFeatureSpecification—A class of service in Cisco Unity, Cisco Unity Connection, and the email message processor.

You use the subscriber synchronization to synchronize the unified messaging subscriber data in Provisioning with the Unified Message Processor.

The subscriber data consists of the following:

UMInfo—A subscriber in Cisco Unity, Cisco Unity Connection, and Cisco Unity Express in conjunction with their subscriber's voicemail and email information.

VoiceMailInfo—A subscriber in Cisco Unity, Cisco Unity Connection, and Cisco Unity Express in conjunction with UMInfo and EmailInfo.

EmailInfo—A subscriber in Cisco Unity and Cisco Unity Connection in conjunction with VoiceMailInfo and UMInfo.


Step 1 Choose Design > Set Up Devices > Unified Message Processor.

Step 2 In the Unified Message Processor Configuration page, click View Unified Message Processor.

Step 3 In the search page, select the Unified Message Processor that you require.

The View Unified Message Processor page appears. If the Unified Message Processor was synchronized previously, the details will be displayed in the Synchronization sections.

Step 4 In the Options pane, click Synchronize.

Step 5 You can run an infrastructure or subscriber synchronization.

Step 6 Click Start under the synchronization that you desire.

After the synchronization has completed, the Synchronization section displays the synchronization information.


Note If you encounter device connection errors during the synchronization of Cisco Unity Express, close all Telnet sessions on the Cisco Unity Express system and restart the synchronization. Cisco Unity Express allows only one Telnet session at a time. Provisioning cannot synchronize with a Cisco Unity Express device that has another Telnet session open.


Step 7 Click Done.

After the Unified Message Processor synchronization completes, a log is created, listing the objects that could not be assigned. It also shows a warning message if an unknown element is received from the Unified Message Processor. This log is replaced each time a Unified Message Processor synchronization occurs.

Step 8 In the right pane, click View Detailed Synchronization Log.

The log appears. The View Detailed Synchronization Log link appears only if a warning or error occurs during synchronization. If there are no warnings or errors, it will not appear.


Note If you see the warning message "Skipped unexpected element," you can ignore it. The message indicates that Provisioning does not support the item that was sent back from Cisco Unified Communications Manager.



Synchronizing Unified Presence Processors

Use the Infrastructure synchronization to synchronize the User Settings Infrastructure data in Provisioning with the Unified Presence Processor.


Note Add the Cisco Unified Communications Manager that is integrated with the Unified Presence Processor to Provisioning before running the synchronization.


The infrastructure synchronization process is a one-directional process. Provisioning only gets data from the device; it does not push data to the device.

You should not run more than one synchronization at a time (Processor or Domain synchronization).

To perform Infrastructure synchronization:


Step 1 Choose Design > Set Up Devices > Unified Presence Processor.

Step 2 In the Presence Processor Configuration page, click View Presence Processor.

Step 3 Select the Unified Presence Processor that you require.

The View Presence Processor page appears. If the Unified Presence Processor was synchronized previously, the details will be displayed in the Synchronization section.

Step 4 In the Options pane, click Synchronize.

Step 5 Click Start to run infrastructure synchronization.


Note Cisco Unified Presence 9.0 and higher versions are integrated with Cisco Unified Communications Manager. Due to this, Subscriber synchronization will be disabled for Cisco Unified Presence 9.0 and higher versions, and subscriber information will be directly synchronized from Cisco Unified Communications Manager.


Step 6 Click Done.

After the Unified Presence Processor synchronization completes, a log is created, listing the objects that could not be assigned. It also shows a warning message if an unknown element is received from the Unified Presence Processor. This log is replaced each time a Unified Presence Processor synchronization occurs.

Step 7 In the right pane, click View Detailed Synchronization Log.

The View Detailed Synchronization Log link appears only if a warning or error occurs during synchronization. If there are no warnings or errors, it will not appear.


Note If you see the warning message "Skipped unexpected element," you can ignore it. The message indicates that Provisioning does not support the item that was sent back from Cisco Unified Communications Manager.



Domain Synchronization

Domain synchronization aggregates data from the processor synchronizations. Devices are not accessed during a Domain synchronization.

During a Domain synchronization, Provisioning does the following:

Associates the voicemail, email, and unified messaging data in the Unified Message Processor with the user information in Provisioning.

Synchronizes the assigned voicemail directory numbers in the Unified Message Processor to those in the Call Processor.

Synchronizes subscribers and their ordered products with the Provisioning inventory, creates new subscribers, and updates their subscriber records.

Synchronizes user accounts and updates Provisioning so that users can log in (logins are created only if the self-care rule is enabled; see Table 6-7).

Associates services to Service Areas.

Business rules determine the criteria used for synchronizing Domains (see Business Rules for Domain Synchronization).

To fully synchronize a Domain, you must do the following:

1. For each Call Processor in the Domain, perform an infrastructure and subscriber synchronization.

2. For each Unified Message Processor in the Domain, perform an infrastructure and subscriber synchronization.

3. Perform a Domain synchronization.


Note If a Call Processor or a Unified Message Processor in the Domain is synchronized, it is recommended that a Domain synchronization also be done.


While running Domain synchronization, remember the following:

If you use a subscriber synchronization on Cisco Unified Communications Manager Express to add subscribers to Provisioning, the first name, last name, phone number, and department data are not obtained by Provisioning. The Manage Subscriber page displays "Unknown" in these fields.

You can update the subscriber information through Provisioning, but be aware that this information will be pushed to the Cisco Unified Communications Manager Express system, and will overwrite any existing information for the user in the ephone description field.

You should not run more than one synchronization at a time (Domain or Processor synchronization). Run all synchronizations sequentially.

If a Cisco Unified Communications Manager Express is the only device present in a Domain and Service Area, during Domain synchronization subscribers are not created in Provisioning if the ephone username command is not configured in Cisco Unified Communications Manager Express. Make sure the ephone username command is configured in Cisco Unified Communications Manager Express for all subscribers.

If more than one matching Service Area is found for a Phone, Soft Phone, Line, EM Line, or Device Profile, Provisioning assigns them to the first matching Service Area, and a warning message appears in the Domain Synchronization log. (See Deleting a Domain.)

A device profile is added to a subscriber's record as an Extension Mobility Access product only if the device profile is subscribed to the extension mobility service in Cisco Unified Communications Manager.

Service Area matching for Remote Destination Profile is based on the Device Pool and Calling Search Space (Device) of the Remote Destination Profile.

If the Cisco Unified Communications Manager and Cisco Unified Presence added to the service area are upgraded to 9.0 versions, the following products will be removed from the subscriber records:

Enable Presence

Enable Presence Client

Client User Settings

The subscriber records will be updated with the User Services product details.

If a Service Area has Cisco Unified Communications Manager 8.x and Cisco Unified Presence 8.x, then Enable Presence, Enable Presence Client, and Client User Settings product details will be retained in the subscriber records.

Provisioning allows you to provision device profiles with services enabled or disabled at enterprise level. If a device profile has associated services, the device profile will be associated to a subscriber only if a matching service URL is found.


Note Extension Mobility service can be associated to a subscriber, even if the device profile has no associated services or if the services are enabled at enterprise level.


Table 5-3 lists the attributes used to find a matching Service Area during Domain synchronization.

Table 5-3 Attributes Matching Service Area 

Processor Type
Product
Attributes Matching Service Area

Call Processor

Phone

DevicePool

Common Device Config

Calling Search Space (Device)

Location

Phone Protocol

Line

DevicePool

Common Device Config

Calling Search Space (Line)

Location

Route Partition

Protocol

Voice Gateway References

Unified Message Processor (Voicemail)


Note Though Line belongs to the Call Processor, it is dependent on the Unified Message Processor for Voicemail.


Email Processor (Email)


Note Though Line belongs to the Call Processor, it is dependent on the Email Processor for Email.


Soft Phone

Extension Mobility Access

Extension Mobility Access Line

Calling Search Space

Route Partition

Mobility

Remote Destination Profile

Device Pool

Calling Search Space (Device)

Enable Presence Client

Unified Presence Processor (Client User Settings).

Enable Presence Client is associated with the Client User Settings product.

Though Enable Presence belongs to Call Processor, it is dependent on the Unified Presence Processor for Client User Settings.

Note Enable Presence, Enable Presence Client, and Client User Settings products are available only for Cisco Unified Presence 8.x.

User Services

Unified Presence Processor

Client User Settings

Unified Message Processor

Unified Messaging Info

This product is added to the Service Area that is set on its associated email or voicemail product.



Note During domain synchronization, Enable Mobility Support, User Services, and Enable Softphone Support products are assigned to the first matching Service Area that is associated to the same Call Processor as that of the user. In a Domain, there might be multiple Service Areas associated to the same Call Processor, but Provisioning assigns these products (Enable Mobility Support, Enable Softphone Support, and User Services) only to the first matching Service Area in the Domain.


Synchronizing Domains

To synchronize domains:


Step 1 Choose Design > Set Up Deployment > Domains.

Step 2 From the Domain Configuration page, click View Domain.

Step 3 From the search page, select the Domain that you require.


Note If the Domain was synchronized previously, the details are displayed in the Last Synchronization section.


Step 4 In the Options pane of the View Domain page, click Synchronize.


Note Domain synchronization cannot be started without configuring synchronization rules. Configure the synchronization rules and then proceed; see Business Rules for Domain Synchronization.


Step 5 Click Start. After the synchronization has completed, the Last Synchronization section displays the synchronization information.

Step 6 Click Done. After the Domain synchronization completes, a log is created, listing the objects that could not be assigned; see Deleting a Domain. The log lists the products that could not be assigned to a Service Area during a Domain synchronization. This log is replaced each time a Domain synchronization occurs.

Step 7 Click View Detailed Synchronization Log at the bottom of the page to view the log details.

For explanations of the log messages, see Domain Synchronization Log Messages.


Business Rules for Domain Synchronization

Business rules determine the criteria used for adding users to a Domain.


Note Be aware that if you run a Domain synchronization and then change the configured Domain rule to Non-RestrictedDomainSync and then run another Domain synchronization, any services that were not previously synchronized will be placed in a Service Area based on the Non-RestrictedDomainSync rule (see Table 6-7).


For a Domain synchronization to work properly, you must configure at least one of the following five rules:

AssociateAllUsersInCallProcessor—If enabled, all user accounts in all of the Call Processors in the Domain are assigned to the Domain being synchronized. This rule overrides the AssociateUsersByDeptCode rule.

AssociateOnlyExistingUsers—If enabled, the Domain synchronization does not create new users. Only services of existing users in the Domain are synchronized.

AssociateUsersByDeptCode—If enabled, the Domain synchronization associates only the Call Processor user accounts whose department code matches one in the list specified in the rule configuration.

AssociateUsersByLocation—If enabled, the Domain synchronization associates only the Call Processor user accounts whose phone location matches one in the list specified in the rule configuration.

AssociateUsersByDevicePool—If enabled, the Domain synchronization associates only the Call Processor user account whose Phone or Remote Destination Profile has a device pool value that matches one in the list specified in the rule configuration.

The rest of the Domain synchronization rules coreside (do not have a priority level) with the above rules.

Following are the coresident Domain synchronization rules:

AssociateAllUsersInUMProcessor—If this rule is enabled, all user accounts in a given Unified Message Processor are assigned to a Provisioning Domain. Otherwise, only user accounts in the given Unified Message Processor with a matching Call Processor user account are assigned.

TakePrimaryUserInfoFromUMProcessor—If enabled, user and subscriber information is updated from the associated Unified Message Processor account; otherwise it is updated from the Call Processor.

Non-RestrictedDomainSync—If enabled, Domain synchronizations are performed when the rules for some of the Domain synchronization operations are reduced. The Non-RestrictedDomainSync business rule determines to which Service Area a subscriber's services are added. For more information, see Table 6-7.


Note If you try to run a Domain synchronization when none of the required rules are enabled, a message appears in the Synchronize Domain page stating that you are required to enable one of the rules. You can click the Configure Synchronization Rules link on this page to open the Configure Domain Sync Rules page, where you can configure the desired Domain synchronization rule. For more information, see Domain Synchronization.


If more than one of the required rules are enabled, only one of the rules will be in effect.

The rule priority is applied in the following order:

1. AssociateAllUsersInCallProcessor

2. AssociateOnlyExistingUsers

3. AssociateUsersByDeptCode

4. AssociateUsersByDevicePool

5. AssociateUsersByLocation

If the first rule (AssociateAllUsersInCallProcessor) is enabled, the settings of all the other rules are ignored. If the second (AssociateOnlyExistingUsers) rule is enabled, the settings for the last three rules are ignored. The last three rules are additive, meaning that if two of the rules are enabled, then only users that satisfy both constraints are synchronized.

Configuring Business Rules for Domain Synchronization

You configure Domain synchronization business rules much in the same way that you configure all other business rules, but all the Domain synchronization rules are located together on a single page (Configure Domain Sync Rules page).


Tip A description of each business rule appears when you place your cursor over the information icon next to the rule.



Step 1 Choose Administration > System Setup > Provisioning Setup > Provisioning Rules.

Step 2 In the Rule Configuration page, select the Domain that you want to change the rule for.

Step 3 Click Configure Domain Sync Rules.

All Domain synchronization rules appear on the Configure Domain Sync Rules page.


Tip You can also access this page from the Synchronize Domain page.


Step 4 Make the required changes.

You must select one of the Call Processor synchronization rules. If you select AssociateUsersByOtherAttributes, you must select at least one of the rules that are listed under AssociateUsersByOtherAttributes.

For more information on setting Domain synchronization rules, see Business Rules for Domain Synchronization.

Step 5 Click Update.


Example of Configuring Business Rules for Domain Synchronization

Suppose a Domain has three Call Processors (CCM1, CCM2, and CCM3) and the following rules are enabled:

AssociateUsersByDeptCode—Configured with Dept1.

AssociateUsersByDevicePool—Configured with CCM2:DevicePool2;CCM3:DevicePool3.

AssociateUsersByLocation—Configured with CCM3:Location3.

When the Domain is synchronized, the following users are synchronized:

CCM1—Users with the department code Dept1.

CCM2—Users with the department code Dept1 and phones with the device pool DevicePool2.

CCM3—Users with the department code Dept1, phones with the device pool DevicePool3, and the location Location3.
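
The rule priority and the CCM1/CCM2/CCM3 example above can be checked with a small model before a rule is changed on a production Domain. This is an added example, not Cisco code: the User fields, the sample accounts, the ';' separator for department codes, and the reading that a processor not named in a rule is unconstrained by it are assumptions drawn from the worked example.

```python
from dataclasses import dataclass

# The five required rules, in the priority order the page lists.
PRIORITY = (
    "AssociateAllUsersInCallProcessor",
    "AssociateOnlyExistingUsers",
    "AssociateUsersByDeptCode",
    "AssociateUsersByDevicePool",
    "AssociateUsersByLocation",
)


@dataclass(frozen=True)
class User:
    """Constructed stand-in for a Call Processor user account (hypothetical)."""
    name: str
    call_processor: str
    dept: str
    device_pool: str
    location: str
    already_in_domain: bool = False


def parse_scoped(value):
    """Parse 'CCM2:DevicePool2;CCM3:DevicePool3' into {'CCM2': {'DevicePool2'}, ...}."""
    scoped = {}
    for item in (part.strip() for part in value.split(";")):
        if not item:
            continue
        processor, sep, name = item.partition(":")
        if not (sep and processor and name):
            raise ValueError(f"expected <processor>:<value>, got {item!r}")
        scoped.setdefault(processor, set()).add(name)
    return scoped


def effective_rules(enabled):
    """Return the enabled required rules that actually take effect."""
    active = [rule for rule in PRIORITY if rule in enabled]
    if not active:
        raise ValueError("enable at least one required Domain synchronization rule")
    # Rule 1 overrides all others; rule 2 overrides the three filter rules.
    if active[0] in PRIORITY[:2]:
        return active[:1]
    return active


def selected_users(enabled, users):
    """Names of the users this model expects a Domain synchronization to associate."""
    active = effective_rules(enabled)
    if active == ["AssociateAllUsersInCallProcessor"]:
        return [u.name for u in users]
    if active == ["AssociateOnlyExistingUsers"]:
        return [u.name for u in users if u.already_in_domain]

    checks = []
    if "AssociateUsersByDeptCode" in active:
        # Assumption: several department codes are separated by ';'.
        raw = enabled["AssociateUsersByDeptCode"]
        depts = {d.strip() for d in raw.split(";") if d.strip()}
        checks.append(lambda u: u.dept in depts)
    if "AssociateUsersByDevicePool" in active:
        pools = parse_scoped(enabled["AssociateUsersByDevicePool"])
        # Assumption from the worked example: a processor the rule does not
        # name (CCM1) is not constrained by it.
        checks.append(lambda u: u.call_processor not in pools
                      or u.device_pool in pools[u.call_processor])
    if "AssociateUsersByLocation" in active:
        locations = parse_scoped(enabled["AssociateUsersByLocation"])
        checks.append(lambda u: u.call_processor not in locations
                      or u.location in locations[u.call_processor])
    # The three filter rules are additive: a user must satisfy every one.
    return [u.name for u in users if all(check(u) for check in checks)]


# Constructed sample accounts that mirror the CCM1/CCM2/CCM3 example.
USERS = [
    User("alice", "CCM1", "Dept1", "DevicePool9", "Location9"),
    User("bob", "CCM1", "Dept2", "DevicePool9", "Location9", already_in_domain=True),
    User("carol", "CCM2", "Dept1", "DevicePool2", "Location9"),
    User("dave", "CCM2", "Dept1", "DevicePool7", "Location9"),
    User("erin", "CCM3", "Dept1", "DevicePool3", "Location3"),
    User("frank", "CCM3", "Dept1", "DevicePool3", "Location1"),
]

# Rule configuration exactly as given in the example above.
PAGE_RULES = {
    "AssociateUsersByDeptCode": "Dept1",
    "AssociateUsersByDevicePool": "CCM2:DevicePool2;CCM3:DevicePool3",
    "AssociateUsersByLocation": "CCM3:Location3",
}

if __name__ == "__main__":
    print(selected_users(PAGE_RULES, USERS))
```

Enabling AssociateAllUsersInCallProcessor in this model selects every account regardless of the filter rules, which is the scope change to review before the next Domain synchronization creates subscribers and logins.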

The following are more examples of when you could enable particular Domain synchronization rules:

During synchronization, which Domain should Provisioning put Cisco Unified Communications Manager users in?

AssociateUsersByDeptCode

During a Domain synchronization, do you want all of the subscriber accounts in all of the Call Processors in the Domain assigned to the Domain being synchronized?

AssociateAllUsersInCallProcessor

During synchronization, do you want all the subscriber accounts in a given Unified Message Processor assigned to a Domain?

AssociateAllUsersInUMProcessor


Note For more information on business rules for Domain synchronization, see Business Rules for Domain Synchronization.


Domain Synchronization Log Messages

This section provides explanations for some of the messages that can appear in the Domain Synchronization Log report.

The Phone SEP123123123123 could not be added to the customer record because a service area with the following properties could not be found:
Call Processor: TestCCM
Voice Device Group: TestVDG
Call Search Space: TestCSS
Location: Hub_None

The phone could not be assigned to a Service Area with the listed settings.

To fix this problem, either create a Service Area with the same settings or change the phone settings on Cisco Unified Communications Manager.

Duplicate username encountered. So skipping the creation of this user: TestUser from the Call Processor: TestCCM

Indicates that another user exists in Provisioning with the same ID, but the ID uses a different case. Services which belong to this user will not be synchronized.

To fix this problem, remove one of the users from Cisco Unified Communications Manager.

No matching voice mail info found for directory number 123400000

The synchronization could not find a voicemail for the directory number. This problem can occur when either a synchronization was not run on the Unified Message Processor (so the voicemails are not present in Provisioning), or there is no Service Area with the directory number's Call Processor, route partition, and voicemail's Unified Message Processor.

To fix this problem, either run a subscriber synchronization on the Unified Message Processor, or create a Service Area with the correct settings.

The device profile line Line 1 - 123400000 could not be added to the customer record because a service area with the following properties could not be determined in the domain Cisco:
Call Processor: TestCCM
Route Partition: null
Call Search Space (Line): TestCSS

A device profile line could not be assigned to a Service Area with the listed settings.

To fix this problem, either create a Service Area with the same settings or change the line settings on Cisco Unified Communications Manager.

Scheduling Synchronization

Provisioning provides a command line script utility that can be used to schedule periodic processor and Domain synchronizations. The synchronization script enables you to regularly schedule a subset of the synchronization operations at different periodic intervals and across multiple time zones. The sync.sh file is located in the /opt/cupm/sep/build/bin/ folder.

To schedule synchronization:


Step 1 Log in to the Provisioning server as root using SSH.

Step 2 Enter crontab -e to edit a copy of the crontab file in the vi editor.

Step 3 Press the i key to enter insert mode.

Step 4 To run synchronization at regular intervals, enter the following:

minute hour day-of-the-month month day-of-week command-to-be-executed 
 
 

where:

Minute—Valid range is from 0 to 59.

Hour—Valid range is from 0 to 23.

Day of the month—Valid range is from 1 to 31.

Month—Valid range is from 1 to 12.

Day of the week—Valid range is from 0 to 6 (Sunday = 0).

For example, to run Call Processor synchronization at 3:24 pm every day, enter the following:

24 15 * * * /opt/cupm/sep/build/bin/sync.sh callprocessor

To run Message Processor synchronization at 8:24 pm every day, you would enter the following command:

24 20 * * * /opt/cupm/sep/build/bin/sync.sh messageprocessor

See Command Line Script Utility Options for information on Command Line Script utility options.


Note Run man 5 crontab for information on other cron commands.


Step 5 Press the ESC key to exit insert mode, and then press : to enter the command line.

Step 6 Enter wq to write and quit the editor.

Step 7 Enter crontab -l to see if the file is saved.


Command Line Script Utility Options

The command line script utility options are as follows:

Mass Sync Usage: ./sync.sh [callprocessor | messageprocessor | presenceprocessor | activedirectory | domain | all] [<option>]

Mass Synchronization invokes synchronization operations for all objects of the specified class. Both infrastructure and subscriber synchronizations run for each processor. The order of the synchronization is as follows: call processor, unified message processor, presence processor, and then domain.

Granular Sync Usage: ./sync.sh [-g <filename>] [<option>]

Granular Synchronization invokes synchronization operations that are specified in a formatted file, where

<filename> is a text file whose lines have the format <object class>.<object name>: <sync type>; for example:

cp.Test-UCM: infra

mp.all: sub

pp.all: both (equivalent to the [presenceprocessor] mass sync)

ad.all: (ActiveDirectory mass sync)

domain.Test-Dom:

<option> (Optional field) The following options are available:

test—Allows a script to run without performing any syncs, but lists the processors and Domains that will be synchronized.

abortonfail—Instructs the script to quit after a synchronization failure. If this parameter is not specified, the sync script will continue on success or failure.

forcedomainsync—Allows the domain sync to be performed even if one of the devices in the domain had a failed sync. If this parameter is not specified, then the domain sync will not proceed if there are device sync errors.

parallel—Runs the device syncs in parallel.

help—Displays usage information.

For example, if you want to run granular synchronization at 1:15 pm every Saturday, enter the following command:

15 13 * * 6 /opt/cupm/sep/build/bin/sync.sh -g granularsyncfilename.txt
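A pre-flight check for the granular sync file, as an added example (not part of the Cisco guide or its scripts): it parses the <object class>.<object name>: <sync type> lines and reports malformed, unknown, or duplicate entries before the file is handed to an unattended cron job. The object classes and sync types are assumed to be exactly those in the sample lines above, and parse_granular is a hypothetical helper name.

```python
import re

# Object classes and sync types are the ones that appear in the guide's sample
# file; treating them as the complete set is an assumption of this example.
CLASSES = {"cp", "mp", "pp", "ad", "domain"}
SYNC_TYPES = {"infra", "sub", "both", ""}  # "" means no sync type was given
LINE_RE = re.compile(r"^(?P<cls>[^.\s]+)\.(?P<name>[^:]+):\s*(?P<type>.*)$")

def parse_granular(text):
    """Return (entries, errors): (class, name, type) tuples and (line, message) tuples."""
    entries, errors, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            errors.append((lineno, "expected <object class>.<object name>: <sync type>"))
            continue
        cls, name, stype = m["cls"], m["name"].strip(), m["type"].strip()
        if cls not in CLASSES:
            errors.append((lineno, f"unknown object class {cls!r}"))
        elif stype not in SYNC_TYPES:
            errors.append((lineno, f"unknown sync type {stype!r}"))
        elif (cls, name) in seen:
            errors.append((lineno, f"duplicate entry for {cls}.{name}"))
        else:
            seen.add((cls, name))
            entries.append((cls, name, stype))
    return entries, errors

# Constructed sample: the guide's five example lines followed by three bad ones.
SAMPLE = """\
cp.Test-UCM: infra
mp.all: sub
pp.all: both
ad.all:
domain.Test-Dom:
cp.Test-UCM: sub
mp.all full
pp.all: everything
"""

if __name__ == "__main__":
    for lineno, msg in parse_granular(SAMPLE)[1]:
        print(f"line {lineno}: {msg}")
```
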

Synchronizing an LDAP Server with Provisioning

You can synchronize the information in a Lightweight Directory Access Protocol (LDAP) server with Provisioning. Provisioning can use this information to create new subscribers, update existing subscriber information, or delete subscribers. You configure the LDAP server synchronization to determine which actions should be performed.

For information on setting up Provisioning to use an LDAP server, see Configuring Provisioning to Use AAA Servers.

Table 5-4 describes the fields for configuring LDAP server synchronization.

Table 5-4 Update LDAP Services Settings Page Fields 

Field
Description

Mode

Authentication Only—The LDAP server is used only for user authentication.

Authentication and Synchronization—The LDAP server is used both to provide user authentication and to obtain user information.

Update Existing User Details

All fields—If any user information is changed in the LDAP server, the same information is updated in Provisioning.

Do not update—User information in Provisioning is not updated when there are changes to the user information in the LDAP server.

Delete Users

Do not delete—When a user is deleted in the LDAP server, the corresponding user/subscriber in Provisioning is not deleted.

Delete user only—When a user is deleted in the LDAP server, the corresponding user is deleted in Provisioning only.

Delete users with service—When a user is deleted in the LDAP server, only the corresponding user service is deleted in the device and in Provisioning. The user is not deleted in the device, but is deleted in Provisioning.

User Search Base

The user search base. Provisioning searches for users under the base. For example: CN=Users, DC=Cisco, DC=com.

This search base is used only for LDAP synchronization; it is not used for authentication.

In the Microsoft Active Directory server, you can use the command dsquery user to list the complete user search base.

Field Mapping

Lists which user fields in Cisco Unified Communications Manager correspond to certain LDAP user fields. The only fields you can configure in Provisioning are the following:

Contact phone number—Select either telephone number or ipPhone.

Contact email—Select either mail or sAMAccountName.

For a list of all field mapping between Cisco Unified Communications Manager and LDAP, see Table 5-5.

Filter Query for Synchronization

Synchronize all users—All users will be synchronized.

Simple query—You can configure a query by using a combination of the following fields:

User ID

Department

Contact phone number

Contact email

You can use an asterisk (*) for a partial string search.

Advanced query—You can enter any LDAP query; for example:

(&(sAMAccountName=johndoe)(department=Cisco*)(mail=john@cisco.com)).


Table 5-5 lists the field mapping between Provisioning and the LDAP server. The data in the specified Provisioning field is synchronized with the user data in the corresponding LDAP field.

Table 5-5 LDAP Field Mapping 

Provisioning Field
LDAP Field

Phone Number

telephoneNumber or ipPhone number.

Email

mail or sAMAccountName.

User ID

sAMAccountName.

Subscriber ID

Subscriber ID can be mapped to the following fields in LDAP server:

employeeNumber

mail

sAMAccountName

telephoneNumber

userPrincipalName

First Name

givenName.

Last Name

sn.
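An added example (not Cisco code) of building the Advanced query from the Simple query fields of Table 5-4 with RFC 4515 escaping, so that a value containing parentheses or a backslash cannot change which users the synchronization filter selects. The attribute names follow the guide's sample query and Table 5-5; mapping Department to the department attribute and the helper names are assumptions.

```python
# Attribute names come from the guide's advanced-query example and Table 5-5.
# Mapping "Department" to `department` and these helper names are assumptions.
FIELD_TO_ATTR = {
    "user_id": "sAMAccountName",
    "department": "department",
    "phone": "telephoneNumber",  # Table 5-5 also lists ipPhone
    "email": "mail",
}
# RFC 4515 escapes for characters that are special inside a filter value.
_ESCAPES = {"\\": r"\5c", "(": r"\28", ")": r"\29", "\0": r"\00", "*": r"\2a"}


def escape_value(value, keep_wildcard=True):
    """Escape a filter value; '*' stays a wildcard unless keep_wildcard is False."""
    out = []
    for ch in value:
        if ch == "*" and keep_wildcard:
            out.append(ch)  # the guide allows * for partial string search
        else:
            out.append(_ESCAPES.get(ch, ch))
    return "".join(out)


def build_filter(**fields):
    """AND the supplied simple-query fields together into one LDAP filter."""
    terms = []
    for field, value in fields.items():
        if field not in FIELD_TO_ATTR:
            raise ValueError(f"unsupported field: {field}")
        if not value:
            raise ValueError(f"empty value for {field}")
        terms.append(f"({FIELD_TO_ATTR[field]}={escape_value(value)})")
    if not terms:
        raise ValueError("at least one field is required")
    return terms[0] if len(terms) == 1 else "(&" + "".join(terms) + ")"


if __name__ == "__main__":
    # Reproduces the guide's sample advanced query.
    print(build_filter(user_id="johndoe", department="Cisco*", email="john@cisco.com"))
    # Constructed input with filter metacharacters: it stays a single term.
    print(build_filter(department="Sales)(sAMAccountName=*"))
```
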


Configuring LDAP Server Synchronization


Step 1 Choose Design > Set Up Deployment > Domains.

Step 2 From the Domain Configuration page, click View Domain.

Step 3 From the search page, select the Domain that you require.

Step 4 In the Options pane of the View Domain page, click LDAP Services.

Step 5 From the View LDAP Services Settings page, click Update Services Setting.

In the Update LDAP Services Settings page, you configure the information Provisioning gets from the LDAP server. (For descriptions of the fields in this page, see Table 5-4.)

Step 6 For all the changes on the LDAP server to be synchronized to Provisioning, select the following:

Mode—Authentication and Synchronization.

Update existing user details—All fields.

Delete Users—Delete Users with Services.

User Search base—Enter a user search base.

Filter query for sync—Synchronize all users.

Step 7 Click Save.

Step 8 On the View LDAP Services Settings page, click Start.

The synchronization starts.


Scheduling LDAP Server Synchronization


Step 1 Choose Design > Set Up Deployment > Domains.

Step 2 From the Domain Configuration page, click View Domain.

Step 3 From the search page, select the Domain that you require.

Step 4 In the Options pane of the View Domain page, click LDAP Services.

Step 5 From the View LDAP Services Settings page, click Synchronize Server.

Step 6 From the Synchronize LDAP Server page, click Set Schedule.

Step 7 From the Set LDAP Synchronization Schedule page, configure the scheduling parameters, and click Save.


Viewing the LDAP Synchronization Report

After an LDAP synchronization occurs, a report is created. The report lists the operations that could not be performed during the synchronization. Operation failure can be due to incorrect data entered into the LDAP server or incorrect user settings.


Step 1 Choose Design > Set Up Deployment > Domains.

Step 2 From the Domain Configuration page, click View Domain.

Step 3 From the search page, select the Domain that you require.

Step 4 In the Options pane of the View Domain page, click LDAP Services.

Step 5 From the View LDAP Services Settings page, click View AAA Synchronization Report.

The LDAP synchronization report appears (for explanations of the messages in the report, see LDAP Synchronization Report Description).


LDAP Synchronization Report Description

This section provides explanations for some of the messages that can appear in the LDAP Synchronization report.

The following users were not created because they are already present in another Domain: user1, user2

The listed users are present in the LDAP server, but could not be created in Provisioning in the current Domain, because they are already present in another Domain.

To fix this problem, delete the users from the other Domain and run the LDAP synchronization again.

Deletion of User and associated services failed for the following users: UserId, OrderId, Status

This message appears when Delete user with Services is enabled, and deleting the user and services from the device and from Provisioning fails. In order to delete the services in a device, a single order is created for each user and the order status is shown in the above report with the order ID. You have to manually delete these users and corresponding services. You can click on the link provided for the user ID in the above report to access these subscriber records.

The following user and associated services were deleted successfully: UserId, OrderId, Status

This message appears when Delete user with Services is enabled, and deleting the user and services from the device and from Provisioning succeeds.

The following users were not deleted because the delete option was not set: user1 user2

The users were deleted in the LDAP server, but they were not deleted during the LDAP synchronization, since Do not delete is enabled.

To fix this problem, enable either the Delete user with Services option or Delete user only option and run the LDAP synchronization again.

Synchronizing Special Directory Numbers

Prior to the Provisioning 9.5 release, Provisioning synchronized only those devices whose endpoints were managed by Provisioning and did not have complete knowledge of the directory numbers (DNs) configured by Cisco Unified Communications Manager. A few special DNs might be configured on Cisco Unified Communications Manager.

In Provisioning 9.5, all special DNs are synchronized as part of Cisco Unified Communications Manager subscriber synchronization, so that line provisioning can validate the order before submission.

Special DNs:

The DN features that are present in Cisco Unified Communications Manager but not managed by Provisioning; for example, Intercom DN.

The DN attached to endpoints that are not managed by Provisioning.


Note Provisioning provides limited support of endpoints and it does not support all endpoints available in Cisco Unified Communications Manager.


Provisioning and Special DN conditions:

Any provisioning activity carried out from Provisioning that tries to reuse a special DN results in provisioning failure.

When the provisioning line is auto-assigned, Provisioning skips a DN that is already used.

When the provisioning line is chosen manually, Provisioning throws an error during provisioning.

This way, provisioning orders are validated in Provisioning rather than being submitted to Cisco Unified Communications Manager, where they would fail.

This feature is disabled by default. To enable it, add the following property to the $CUPM\sep\ipt.properties file:

dfc.ipt.cisco.ccm.sync.orphanDN=true