CCM5.1, LDAP manager account with read privilege

Answered Question
Sep 4th, 2007

I created an account in AD to set up as the LDAP manager in CCM, but login fails with that account.


-account created in AD=CCMLDAPAdmin/12345

-in '/users' context, delegate 'Read' privilege to CCMLDAPAdmin


In CCM, I set 'LDAP Manager Distinguished Name=CCMLDAPAdmin/12345' but I get the error message:


"Login Failure to Host ldap://10.1.10.11:389, Please Re-Enter LDAP Manager Distinguished Name and Password"


Please advise why login fails with the account 'CCMLDAPAdmin'.


Thanks in advance,

Overall Rating: 5 (2 ratings)
gogasca Tue, 09/04/2007 - 20:05

Make sure the account is not locked, try changing the CN to another one that doesn't include /, and confirm the CN name.


torsten.brink Tue, 09/04/2007 - 23:13

Hello cjrchoi11,


I think you have to enter the full path into this field and not only the SamAccountName (UserID).


So here is an example of what I'm talking about:


CN=Administrator,CN=Users,DC=test,DC=enviroment,DC=com


"CN=Administrator" can be adapted to your user CCMLDAPAdmin.


"CN=Users" is the directory in which your account is located.


"DC=test,DC=enviroment,DC=com" is your domain; in this example it is "test.enviroment.com".


Please be careful: the entries are case-sensitive.


Good luck in advance



Best regards


Torsten




cjrchoi11 Wed, 09/05/2007 - 01:30

Thanks guys,


let me describe in detail,


1. Create an account in AD named 'CCMLDAPAdmin', copied from 'administrator'


2. configure in CCM

-ldap distinguished name: cn=CCMLDAPAdmin,cn=users,dc=ucdemo,dc=com

-ldap password: ****

-ldap user search base: dc=ucdemo,dc=com


3. I'm sure the account 'CCMLDAPAdmin' is not locked and the password is correct, but I always get the 'login failed' error message.


4. It works okay if I put 'administrator'. It looks like CCM doesn't like any account other than 'administrator'.


CCM SRND recommends using a dedicated account which has 'read' privilege for all users, but I cannot achieve that....


Thanks in advance,

Correct Answer
mchandak Wed, 09/05/2007 - 06:14

I've seen this before and the issue is that when configuring CM to work with this, you need to mention the Canonical Name (CN) and not the Login ID. In most cases, the CN is the same as the Display Name of the user. To check the Canonical Name for the user, in ADUC, select Advanced Options. Go to the User Properties and mention the name shown after users "....users/XXXX XXXX"


Hope this helps

cjrchoi11 Wed, 09/05/2007 - 18:47

Hey Mahesh,


It works with the canonical name format.... I'm not an MS (or LDAP) expert and couldn't find this info. It looks like others work with the user ID, but why doesn't mine? My AD server is w2k-sp4.


BR, John

mchandak Thu, 09/06/2007 - 05:03

Yes, the CM 5.x code looks to have been changed such that it uses the CN, which it should be using since we use the naming as cn.
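
The DN layout described in the replies above, as an added example that is not part of any post in the thread: it composes a bind DN from the object's CN (the name ADUC shows, which may differ from the login ID), escapes it per RFC 4514, and flags entries that are not DNs at all. The CN value `Admin, CCM LDAP` and all function names are constructed for illustration.

```python
# Added example: function names and the sample CN are constructed, not from the thread.
import re

SPECIAL = set('",+;<>\\=')  # RFC 4514 characters that need a backslash inside a value

def escape_rdn_value(value):
    """Escape one attribute value (e.g. a CN) for use inside a DN string."""
    out = []
    for i, ch in enumerate(value):
        edge = (i == 0 and ch in " #") or (i == len(value) - 1 and ch == " ")
        out.append("\\" + ch if ch in SPECIAL or edge else ch)
    return "".join(out)

def build_bind_dn(cn, container, dns_domain):
    """CN=<object name>,<container>,DC=<label>,... for an account in that domain."""
    dcs = ",".join("DC=" + escape_rdn_value(p) for p in dns_domain.split("."))
    return "CN=%s,%s,%s" % (escape_rdn_value(cn), container, dcs)

def split_rdns(dn):
    """Split a DN string on commas that are not backslash-escaped."""
    parts, cur, esc = [], "", False
    for ch in dn:
        if esc or ch != ",":
            cur += ch
            esc = (ch == "\\") and not esc
        else:
            parts.append(cur)
            cur = ""
    return parts + [cur]

RDN = re.compile(r"\s*[A-Za-z][A-Za-z0-9-]*\s*=.+", re.S)  # type=value

def classify_manager_dn(text):
    """Syntax check only: it cannot tell whether the CN matches the AD object."""
    if all(RDN.fullmatch(p) for p in split_rdns(text)):
        return "dn"
    if "@" in text:
        return "upn"
    if "\\" in text:
        return "down-level logon name"
    return "login id"

if __name__ == "__main__":
    for entry in ("CCMLDAPAdmin/12345",                         # first attempt in the thread
                  "cn=CCMLDAPAdmin,cn=users,dc=ucdemo,dc=com",  # well-formed DN syntax
                  build_bind_dn("Admin, CCM LDAP", "CN=Users", "ucdemo.com")):
        print("%-24s %s" % (classify_manager_dn(entry), entry))
```

A well-formed DN can still fail to bind if its first RDN carries the login ID instead of the object's actual CN, which is the case the accepted answer describes.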
