cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
629
Views
15
Helpful
9
Replies

Not Working - Ext LDAP Directory for Cisco PCA Authentication Unity 5+

andgrim
Level 1
Level 1

Has anyone been able to configure the External LDAP option of PCA on Unity 5+ for user authentication (example to CUCM's LDAP or OpenLDAP?

I found the following documentation regarding this but have been unable to make PCA use LDAP, it keeps loading the logon domain option instead.

http://www.ciscounitytools.com/Documents/FL501LDAPauthentication.pdf

9 Replies 9

Tommer Catlin
VIP Alumni
VIP Alumni

PCA basically uses IIS. You will need to configure IIS for authentication. If you have VM only setup which it sounds like you do, you will need to create AD Trust between your VM only domain and your production AD domain.

Just my information and not disagreeing. But doesn't PCA use tomcat and redirectecd to IIS or something like that?

Randy

No worries. I just had to set this up for a customer so I know the dirty details. It's a pain. PCA can use SSL, which if you use SSL, it's IIS. If you dig around IIS, there is the PCA site. To log into the PCA, IIS passes the authentication to the local AD. AD authenticates, and PCA logs in.

To make cross domain logins work, you have to create an AD trust. Once the trust is created, the PCA user inputs their UN/PW and correct domain name. IIS passes the information to AD, AD calls into the other domain for authentication info, etc.

It's probably not documented that well because its really all just MSFT stuff to make it work.

My customer had Voicemail only setup. They wanted to use the PCA. But then we found out, you could not change the password without using SSL. So I had to buildout all the SSL stuff for PCA, and fix the IIS settings so it would work correctly. Super pain.

It look like in the \CommServer\cscoserv\ciscopca directory all the page files are java. I do believe it is tied to Tomcat for java (If I stop Tomcat the Page Loads but is Blank).

Also in that directory, there are a couple of files of interest...

ldapLogon.js (Ldap login)

./WEB-INF/struts-config.xml which references the ldapLogon.js.

If I could get the default PCA page to load the LDAP logon java script instead of the logon.js (MS Domain) I think that would make it work to the external LDAP server as configured by the tool \CommServer\TechTools\UnityLdapAuthSetup.exe

Cool I wasn't dreaming tomcat is invovled.

Thanks for the info Tommer and andgrim.

Randy - I gave five's to both of you. :-)

ok, but how does PCA know that you logged in with some account from another LDAP source that is tied to your Unity Account???

If you run the "\CommServer\TechTools\UnityLdapAuthSetup.exe" tool it prompts you to associate an Unity account to an external LDAP account. It looks like the association is stored in the SQL DB.

awesome.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: