Need help in CUCM LDAP Auth

Answered Question
May 26th, 2010

Jonathan Schulenberg Wed, 05/26/2010 - 08:17

The UPN is not the same as the Distinguished Name (DN) in LDAP. UPN is an individual attribute on an LDAP object while DN is a fully-qualified object path within LDAP.


An example: CN=Example User,OU=Service Accounts,OU=People,DC=domain,DC=com.

In Active Directory the CN field is typically the Display Name field as shown in ADUC.

David Hailey Wed, 05/26/2010 - 08:19

Have you tried to put the name in the format of DOMAIN\User for the authentication piece?


Hailey


Please rate helpful posts!

markcarat Wed, 05/26/2010 - 08:32

Hi David


If I use Domain\user, I get this error


Error while Connecting to ldap://10.10.10.15:3268/netlab\sys.netlab, javax.naming.InvalidNameException: netlab\sys.netlab: [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090654, comment: Error processing name, data 0, vece]; remaining name 'netlab\sys.netlab'


If I use the suggestion from Jonathan, I get this error


Login Failure to Host ldap://10.10.10.15:3268, Please Re-Enter LDAP Manager Distinguished Name and Password


Even though the password is correct.


Regards


Mark

Jonathan Schulenberg Wed, 05/26/2010 - 08:35

Is this a global catalog DC? If not, your port should be 389, not 3268.

markcarat Wed, 05/26/2010 - 08:39

Hi Jonathan,


It is a Global Catalog. I tried using port 389 as well. Same error.


Thanks


Mark

markcarat Wed, 05/26/2010 - 08:42

Just to add to my last post: if I use sAMAccountName rather than userPrincipalName in LDAP System Configuration, the same user "sys.netlab" works in LDAP Auth.


Regards


Mark

Correct Answer
Jonathan Schulenberg Wed, 05/26/2010 - 08:48

Have you delegated authority for that account to Read All Attributes on the user objects of the search base OU (and children)? The UPN attribute may not be accessible to the average LDAP query.

Correct Answer
David Hailey Wed, 05/26/2010 - 08:48

Well, that was my next suggestion - sounds like you got that figured out.  SamAccountName it is, right?


Hailey

markcarat Wed, 05/26/2010 - 09:14

Hi Jonathan, Hi David


Thank you for your nice suggestions. It is working now.

I use this in the LDAP Manager Distinguished Name in LDAP Auth:


cn=sys netlab,ou=US,dc=netlab,dc=loc


It works with either port 389 or 3268.


I swear to God I tried this, but I must have had a brain fart. :-)


Again, I appreciate all your help.


Regards


Mark
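A pre-flight check for the "LDAP Manager Distinguished Name" field this thread is about, added here as an example and not taken from the thread or from Cisco: it tells apart the three naming forms that were tried (DOMAIN\user, a UPN, and a real DN), parses a DN per RFC 4514 without contacting the directory, and reports whether a DN sits under the configured search base. The DN and search base values are the ones Mark posted; the UPN sample is constructed.

```python
import re

# RFC 4514 RDN: attribute type (descriptor or OID), '=', value. Escaped
# characters such as '\,' are kept as written, not decoded.
_RDN = re.compile(r"^([A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)=(.*)$")


def split_unescaped(s, sep):
    """Split s on sep, ignoring separators preceded by a backslash."""
    parts, cur, i = [], [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):   # keep escape pair intact
            cur.append(s[i:i + 2]); i += 2; continue
        if s[i] == sep:
            parts.append("".join(cur)); cur = []
        else:
            cur.append(s[i])
        i += 1
    parts.append("".join(cur))
    return parts


def parse_dn(dn):
    """Return [(attr, value), ...] leaf-first, or None if dn is not DN syntax."""
    rdns = []
    for rdn in split_unescaped(dn, ","):
        m = _RDN.match(rdn.strip())
        if not m or not m.group(2).strip():
            return None                       # e.g. 'netlab\sys.netlab' has no '='
        rdns.append((m.group(1).lower(), m.group(2).strip()))
    return rdns


def classify_bind_identity(name):
    """Name the form of a bind identity. Only 'dn' is valid in the CUCM field;
    'down-level' is what produced the error-34 InvalidNameException above."""
    if parse_dn(name):
        return "dn"
    if re.fullmatch(r"[^\\@\s]+\\[^\\@\s]+", name):
        return "down-level"                   # DOMAIN\user (NetBIOS form)
    if re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", name):
        return "upn"                          # user@domain (userPrincipalName)
    return "invalid"


def under_search_base(dn, base):
    """True if dn lies inside base: same RDN suffix, case-insensitive."""
    d, b = parse_dn(dn), parse_dn(base)
    if d is None or b is None or len(b) > len(d):
        return False
    norm = lambda rdns: [(a, v.lower()) for a, v in rdns]
    return norm(d[-len(b):]) == norm(b)
```

The search-base check is informational: the manager account may live outside the search base, but the users it must read (per Jonathan's permissions point) must be inside it.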
