Need help in CUCM LDAP Auth

markcarat
Level 1

Hello,

I tried to set up CUCM V7.1.3 with LDAP Auth. I configured the CUCM to use UPN as the username. I used sys.netlab@netlab.loc in LDAP Manager Distinguished Name in LDAP Directory, and the LDAP User Search Base is dc=netlab,dc=loc. It works fine. However, when I set up LDAP Auth and try to use the same name sys.netlab@netlab.loc in LDAP Manager Distinguished Name, it fails. I tried different names and changed the LDAP port to 3268 based on some Cisco documentation. Nothing works.

Please help

Thanks

Mark


9 Replies

Jonathan Schulenberg
Hall of Fame

The UPN is not the same as the Distinguished Name (DN) in LDAP. UPN is an individual attribute on an LDAP object while DN is a fully-qualified object path within LDAP.

An example: CN=Example User,OU=Service Accounts,OU=People,DC=domain,DC=com.

In Active Directory the CN field is typically the Display Name field as shown in ADUC.

David Hailey
VIP Alumni

Have you tried to put the name in the format of DOMAIN\User for the authentication piece?

Hailey

Please rate helpful posts!

Hi David

If I use Domain\user, I get this error:

Error while Connecting to ldap://10.10.10.15:3268/netlab\sys.netlab, javax.naming.InvalidNameException: netlab\sys.netlab: [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090654, comment: Error processing name, data 0, vece]; remaining name 'netlab\sys.netlab'

If I use the suggestion from Jonathan, I get this error:

Login Failure to Host ldap://10.10.10.15:3268, Please Re-Enter LDAP Manager Distinguished Name and Password

Even though the password is correct.

Regards

Mark

Is this a global catalog DC? If not, your port should be 389, not 3268.

Hi Jonathan,

It is a Global Catalog. I tried using port 389 as well. Same error.

Thanks

Mark

Just to add to my last post: if I use sAMAccountName instead of userPrincipalName in LDAP System Configuration, the same user "sys.netlab" would work in LDAP Auth.

Regards

Mark

Have you delegated authority for that account to Read All Attributes on the user objects of the search base OU (and children)? The UPN attribute may not be accessible to the average LDAP query.

Well, that was my next suggestion - sounds like you got that figured out.  SamAccountName it is, right?

Hailey

Hi Jonathan, Hi David

Thank you for your nice suggestions.  It is working now.

I use this in the LDAP Manager Distinguished Name in LDAP Auth

cn=sys netlab,ou=US,dc=netlab,dc=loc

It works with either port # 389 or 3268.

I swear to God I tried this, but I must have had a brain fart. :-)

Again, I appreciate all your help.

Regards

Mark
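As an added example, tying Jonathan's DN-versus-UPN explanation to the three values Mark tried for the LDAP Manager Distinguished Name field: a small RFC 4514 DN checker that accepts the DN that finally worked (cn=sys netlab,ou=US,dc=netlab,dc=loc) and rejects the UPN and DOMAIN\user forms. Rejecting them is the same condition a directory reports as LDAP result code 34 (invalidDNSyntax), which is what AD returned for netlab\sys.netlab. This is not code from the thread or from Cisco; the function names are this example's own, the sample values are the ones quoted in the thread, and the script uses only the standard library and never contacts the directory.

```python
"""Syntax checker for the CUCM "LDAP Manager Distinguished Name" field.

Added example for this thread, not code from the original posts or from Cisco.
It parses a DN per RFC 4514 and recognises the other identifier forms that
appear in the thread (userPrincipalName and DOMAIN\\user) so a value can be
checked before it is pasted into CUCM. It never contacts the directory.
"""
import re
from typing import List, Tuple

# Attribute type: a descriptor such as cn/ou/dc, or a dotted numeric OID.
_ATTR_TYPE_RE = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)+)$")
_HEX_PAIR_RE = re.compile(r"[0-9A-Fa-f]{2}")


def split_dn(dn: str) -> List[Tuple[str, str]]:
    """Split a DN into (attribute type, unescaped value) RDN pairs.

    Raises ValueError on anything that is not DN syntax, the condition a
    directory reports as LDAP result code 34 (invalidDNSyntax).
    Multi-valued RDNs joined with '+' are not handled (rare for bind DNs).
    """
    parts: List[str] = []
    buf: List[str] = []
    i = 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\":
            # RFC 4514 escapes: '\,' (any single char) or '\2C' (hex pair).
            if i + 1 >= len(dn):
                raise ValueError("dangling backslash at end of DN")
            if _HEX_PAIR_RE.fullmatch(dn[i + 1:i + 3]):
                buf.append(chr(int(dn[i + 1:i + 3], 16)))
                i += 3
            else:
                buf.append(dn[i + 1])
                i += 2
            continue
        if ch == ",":          # unescaped comma separates RDNs
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))

    rdns: List[Tuple[str, str]] = []
    for part in parts:
        part = part.strip()  # tolerate "cn=x, ou=y" spacing
        if "=" not in part:
            raise ValueError(f"RDN {part!r} has no '=': not distinguished-name syntax")
        attr, value = (s.strip() for s in part.split("=", 1))
        if not _ATTR_TYPE_RE.match(attr):
            raise ValueError(f"bad attribute type {attr!r} in RDN {part!r}")
        if not value:
            raise ValueError(f"empty value in RDN {part!r}")
        rdns.append((attr, value))
    return rdns


def classify_bind_name(name: str) -> str:
    """Name the identifier form: 'dn', 'upn', 'domain\\user' or 'unknown'."""
    try:
        split_dn(name)
        return "dn"
    except ValueError:
        pass
    if re.fullmatch(r"[^@\\\s]+@[^@\\\s]+", name):      # user@realm
        return "upn"
    if re.fullmatch(r"[^@\\\s]+\\[^@\\\s]+", name):     # NETBIOS\user
        return "domain\\user"
    return "unknown"


def check_manager_dn(value: str) -> Tuple[bool, str]:
    """Return (acceptable for a DN field, explanation)."""
    kind = classify_bind_name(value)
    if kind == "dn":
        rdns = split_dn(value)
        return True, f"DN with {len(rdns)} RDNs; leaf is {rdns[0][0]}={rdns[0][1]!r}"
    hints = {
        "upn": "this is a userPrincipalName, an attribute of the account, not its DN",
        "domain\\user": "this is a DOMAIN\\user logon name, not a DN",
        "unknown": "not distinguished-name syntax",
    }
    return False, hints[kind] + "; look up the account's distinguishedName and use that"


# Values tried in the thread for the LDAP Manager Distinguished Name field.
THREAD_VALUES = [
    "sys.netlab@netlab.loc",                 # UPN: accepted for the directory sync, failed for auth
    "netlab\\sys.netlab",                    # DOMAIN\user: LDAP error code 34
    "cn=sys netlab,ou=US,dc=netlab,dc=loc",  # the DN that finally worked
]

if __name__ == "__main__":
    for v in THREAD_VALUES:
        ok, msg = check_manager_dn(v)
        print(f"{'OK  ' if ok else 'FAIL'} {v!r}: {msg}")
```

Run it before pasting a value into the field: the UPN and DOMAIN\user forms fail the check and the DN passes. Active Directory itself accepts a UPN or DOMAIN\user as the name in a simple bind, which is presumably why the UPN worked on the LDAP Directory page; the error in the thread shows the LDAP Authentication page placing the field value in a DN position of the LDAP URL, where only DN syntax is valid. Syntax is only half of the check, though: to confirm the resolved DN can also read the attribute David asked about, bind with it against the same host and search for the UPN, for example `ldapsearch -x -H ldap://10.10.10.15:389 -D "cn=sys netlab,ou=US,dc=netlab,dc=loc" -W -b dc=netlab,dc=loc "(userPrincipalName=sys.netlab@netlab.loc)" userPrincipalName`; an entry without the userPrincipalName attribute in the result points at missing read permission rather than a bad DN.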
