Document ID: 30309
Contents
Introduction
Prerequisites
Requirements
Components Used
Conventions
Background Theory
Problem
Solutions
Incorrect Container
Deleted Container
Empty Fields
Related Information
Introduction
This document describes how to troubleshoot an inability to find users in the Enterprise Directory, after you install the Cisco CallManager Active Directory (AD) plugin.
Prerequisites
Requirements
This document assumes that AD plugin installation is successfully completed. For details on the installation procedure and integration of the Active or Netscape Directory with the existing directory, refer to the Active Directory 2000 Plugin Installation for Cisco CallManager document.
Components Used
The information in this document is based on these software and hardware versions:
- Cisco CallManager 3.0(10) and above
Note: This plugin, which includes Netscape Directory Server and Microsoft Active Directory, is supported starting with Cisco CallManager version 3.0(10). If the plugin is used on an earlier version of Cisco CallManager, directory services may be unavailable to CallManager users. Even though the plugin can be found as early as 3.0(8), it does not work.
The information presented in this document was created from devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If you are working in a live network, ensure that you understand the potential impact of any command before using it.
Conventions
For more information on document conventions, refer to Cisco Technical Tips Conventions.
Background Theory
The Cisco Customer Directory Configuration Plugin is used to integrate Cisco CallManager with Enterprise Directory, and can be used if you do not want to use the embedded DC Directory. This plugin, which includes Netscape Directory Server and Microsoft Active Directory, installs only on servers that are running Cisco CallManager 3.0(10) or later. After the Lightweight Directory Access Protocol (LDAP) configuration completes, you can use the Corporate Directory service on your Cisco IP Phone Model 7940 or 7960 to look up users in the Enterprise Directory. You can also upload completed workflow application files to the directory. For further information, consult the installation guide for the release of Cisco CallManager you are using.
Problem
After running the AD plugin according to the instructions provided in the installation guide, you still cannot see users in the Enterprise Directory when searching.
Solutions
The solutions to this problem are explained in detail in this section.
Incorrect Container
During installation, the User Search Basis field may be pointing to a container that does not have any users. To resolve this, rerun the plugin to point to the correct container.
This error can also result when the User Search Basis field does not point at the proper level within the corporate tree structure during the install. If the User Search Basis is set to point to CN1 during installation, and users exist in both containers, neither the administrator nor users in CN2 are able to see each other. The plugin needs to be rerun one level higher; in the example shown here, it needs to be rerun at the Domain Level. Once this is done, the administrator should be able to view users in both containers.
      Domain Level
       |        |
      CN1      CN2
Deleted Container
The AD logs show this error:
CN=J01FLY-profile\DELa962e69d-38d0-4ab1-8b06-950b21f84e42,CN=Deleted Objects,DC=nrgenergy,DC=com
Note: The error above contains CN=Deleted Objects. This error means that the Organizational Unit (OU) the user was pointing to and a container in the AD structure have been deleted. Even though the container is deleted, it is still possible that the OU is showing up in the AD, meaning that it has been removed and recreated. For example, if the plugin is rerun, but the pointer for the user in question is corrupt, then trying to recreate the deleted container would not resolve the issue. The bad pointer must be removed.
Note: This error is not caused by the plugin.
In AdsiEdit, a user whose CiscoAtUserProfile field contains "dn: cn=USERNAME-profile, [Delete SID]" points to a corrupted user. The corrupted field, "CiscoAtUserProfile", is accessed through AdsiEdit and must be removed completely. An example of this field is shown here:
CN=J01FLY-profile,[DEL?ebs4b5nskstl --- SID-like string]
Once this field is removed, you should be able to see the user.
Empty Fields
In AD, if the Last Name, First Name, or NT Alias field is empty, you are not able to see the user in a search of the Enterprise Directory. Populating all three fields allows users to be visible in a search.
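The three causes above (incorrect container, deleted container, empty fields) can be triaged offline from an LDIF export of the user objects. The script below is an added example, not Cisco tooling or code from the original document; the attribute mapping (sn, givenName, sAMAccountName), the example.com sample data and the function names are assumptions.

```python
import re
# Assumed mapping: Last Name, First Name, NT Alias -> sn, givenName, sAMAccountName.
REQUIRED = ("sn", "givenname", "samaccountname")
# Tombstone markers: "\DEL<GUID>" in the RDN (raw AD form "\0ADEL:<GUID>"), or the Deleted Objects container.
DELETED = re.compile(r"\\(?:0A)?DEL|CN=Deleted Objects", re.IGNORECASE)

def parse_ldif(text):
    """Parse plain-text (not base64) LDIF into a list of {attr: [values]}."""
    entries = []
    for block in re.split(r"\n\s*\n", re.sub(r"\n ", "", text.strip())):
        entry = {}
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                entry.setdefault(attr.lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def diagnose(entry, search_base):
    """Return the reasons from this page why a user is missing from a search."""
    reasons = []
    if not entry["dn"][0].lower().endswith("," + search_base.lower()):
        reasons.append("outside User Search Basis")
    if any(DELETED.search(v) for v in entry.get("ciscoatuserprofile", [])):
        reasons.append("CiscoAtUserProfile points to a deleted object")
    empty = [a for a in REQUIRED if not any(entry.get(a, []))]
    return reasons + (["empty: " + ", ".join(empty)] if empty else [])

def report(ldif_text, search_base):
    return {e["dn"][0]: diagnose(e, search_base) for e in parse_ldif(ldif_text)}

# Constructed sample export; example.com and the user names are made up.
SAMPLE = r"""dn: CN=Alice Doe,CN=CN1,DC=example,DC=com
sn: Doe
givenName: Alice
sAMAccountName: adoe

dn: CN=Bob Roe,CN=CN2,DC=example,DC=com
sn: Roe
givenName: Bob
sAMAccountName: broe

dn: CN=Carol Poe,CN=CN1,DC=example,DC=com
sn: Poe
givenName:
sAMAccountName: cpoe
CiscoAtUserProfile: CN=cpoe-profile\DEL00000000-0000-0000-0000-000000000000,CN=Deleted Objects,DC=example,DC=com
"""
```

Calling `report(SAMPLE, "CN=CN1,DC=example,DC=com")` flags the CN2 user as outside the search base; passing the domain-level base instead clears that finding, which mirrors the rerun described under Incorrect Container.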
Related Information
- Active Directory 2000 Plugin Installation for Cisco CallManager
- Active Directory and Cisco CallManager Integration Troubleshooting Guide
- Voice Technology Support
- Voice and Unified Communications Product Support
- Recommended Reading: Troubleshooting Cisco IP Telephony
- Technical Support - Cisco Systems
Updated: Feb 03, 2006 | Document ID: 30309
