Unity Connection with Active Directory

Unanswered Question
Jan 24th, 2010

Hello,

We are integrating UC with AD in the lab. The issue is that whenever a user changes his password at the AD, the IMAP account in outlook always complains. But if the same user logins via PCA, he never has an issue with the password.

If we reimport the user, the new password works at IMAP.

Any idea, why changing password is causing IMAP to fail in authenticating with the AD.

We have 24 hours sync time and IMAP client is pointing to UC for import and export the voice mail

.

Thanks,

Hasan

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Ginger Dillon Wed, 01/27/2010 - 08:17

Hi -

I believe this is working as designed - check out this link - http://www.cisco.com/en/US/docs/voice_ip_comm/connection/7x/user_mac/guide/7xcucmac040.html#wp1266550

"For users who are able to access voice messages in an IMAP client, make sure that they understand that whenever they change their Cisco PCA password in the Cisco Unity Assistant, they also must update the password in their IMAP client. Passwords are not synchronized between IMAP clients and the Cisco PCA. If users have trouble receiving voice messages in an IMAP client after having updated their Cisco PCA password in both applications, see the "Troubleshooting IMAP Client Logon Problems" section in the "Configuring an Email Account to Access Cisco Unity Connection Voice Messages" chapter of the User Workstation Setup Guide for Cisco Unity Connection."

Hope this helps, Ginger

hasankhan2009 Wed, 01/27/2010 - 08:25

No this is not the case. What you are describing is the case when UC is not connected to the AD. If we use Active Directory then user even could change the password at windows level and this password should be applied for PCA and IMAP client as well. I have worked on this with Cisco TAC and they confirm that this is a bug in UC. The work around is available but for work around you need Cisco TAC as it needs to create a root account in the system.

Tommer Catlin Wed, 01/27/2010 - 16:14

CUCM or CUC does not sync any passwords to its local informix database.  Its a challenge / response type of authentication.  For example:

If a user tries to log into PCA or ccmuser page, CUC or CUCM will make an LDAP call to AD and ask for authentication.  AD will reply with a message saying yes or no to authenticate.

Outlook is just clunky.  If the password is changed in AD, the user has to manually change it in the IMAP profile.  There is no automatic way for this to happen.

hasankhan2009 Thu, 01/28/2010 - 07:37

Yes that is correct. But the outlook is pointing towards to UC publisher which is supposed to forward the request to the AD. If the request is not forwarded then AD or outlook could not do any thing.

Actions

This Discussion

Related Content