05-26-2010 07:57 AM - edited 03-15-2019 10:57 PM
Hello,
I tried to set up CUCM V7.1.3 with LDAP Auth. I configured the CUCM to use UPN as username. I used sys.netlab@netlab.loc in LDAP Manager Distinguished Name in LDAP Directory and the LDAP user Search base is dc=netlab,dc=loc. It works fine. However, when I set up LDAP Auth and try to use the same name sys.netlab@netlab.loc in LDAP Manager Distinguished Name, it fails. I tried different names and changed the LDAP port to 3268 based on some Cisco documentation. Nothing works.
Please help
Thanks
Mark
05-26-2010 08:17 AM
The UPN is not the same as the Distinguished Name (DN) in LDAP. UPN is an individual attribute on an LDAP object while DN is a fully-qualified object path within LDAP.
An example: CN=Example User,OU=Service Accounts,OU=People,DC=domain,DC=com.
In Active Directory the CN field is typically the Display Name field as shown in ADUC.
05-26-2010 08:19 AM
Have you tried to put the name in the format of DOMAIN\User for the authentication piece?
Hailey
Please rate helpful posts!
05-26-2010 08:32 AM
Hi David
If I use Domain\user, I get this error:
Error while Connecting to ldap://10.10.10.15:3268/netlab\sys.netlab, javax.naming.InvalidNameException: netlab\sys.netlab: [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090654, comment: Error processing name, data 0, vece]; remaining name 'netlab\sys.netlab'
If I use the suggestion from Jonathan, I get this error:
Login Failure to Host ldap://10.10.10.15:3268, Please Re-Enter LDAP Manager Distinguished Name and Password
even though the password is correct.
Regards
Mark
05-26-2010 08:35 AM
Is this a global catalog DC? If not your port should be 389, not 3268.
05-26-2010 08:39 AM
Hi Jonathan,
It is a Global Catalog. I tried using port 389 as well. Same error.
Thanks
Mark
05-26-2010 08:42 AM
Just to add to my last post: if I use sAMAccountName instead of userPrincipalName in LDAP System Configuration, the same user "sys.netlab" works in LDAP Auth.
Regards
Mark
05-26-2010 08:48 AM
Have you delegated authority for that account to Read All Attributes on the user objects of the search base OU (and children)? The UPN attribute may not be accessible to the average LDAP query.
05-26-2010 08:48 AM
Well, that was my next suggestion - sounds like you got that figured out. SamAccountName it is, right?
Hailey
05-26-2010 09:14 AM
Hi Jonathan, Hi David
Thank you for your nice suggestions. It is working now.
I use this in the LDAP Manager Distinguished Name in LDAP Auth
cn=sys netlab,ou=US,dc=netlab,dc=loc
It works with either port # 389 or 3268.
I swear to god I tried this, but I must have had a brain fart :-)
Again, I appreciate all your help.
Regards
Mark
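The thread turns on the fact that the LDAP Manager Distinguished Name field wants an RFC 4514 DN, not a UPN (sys.netlab@netlab.loc) or a down-level DOMAIN\user name (netlab\sys.netlab). The following is an added example, not code from the thread or from Cisco: a small pre-check that classifies a proposed bind name and splits a DN into its RDN pairs, so a mis-formatted name is caught before it is typed into CUCM and produces an error code 34 or a misleading login failure. The three sample names are the ones posted above.

```python
import re

# Sample bind names from the thread (constructed test inputs, not live credentials)
SAMPLES = [
    "sys.netlab@netlab.loc",                 # UPN: an attribute value, not a DN
    "netlab\\sys.netlab",                    # down-level name: rejected as a DN (error 34)
    "cn=sys netlab,ou=US,dc=netlab,dc=loc",  # the DN that finally worked
]

_UPN_RE = re.compile(r"^[^@\\,=]+@[A-Za-z0-9.-]+$")
_DOWNLEVEL_RE = re.compile(r"^[A-Za-z0-9_.-]+\\[^\\@,=]+$")


def split_dn(dn):
    """Split an RFC 4514 DN into (attribute, value) pairs.

    Handles backslash-escaped commas and '=' inside values.
    Returns [] if the string is not a well-formed DN."""
    rdns, buf, attr, escaped = [], [], None, False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == "=" and attr is None:
            attr, buf = "".join(buf).strip(), []
        elif ch == ",":
            if attr is None or not buf:
                return []
            rdns.append((attr.lower(), "".join(buf).strip()))
            buf, attr = [], None
        else:
            buf.append(ch)
    if escaped or attr is None or not buf:
        return []
    rdns.append((attr.lower(), "".join(buf).strip()))
    return rdns


def classify_bind_name(name):
    """Return 'dn', 'upn', 'down-level' or 'invalid' for a proposed manager name.
    Only 'dn' is a valid value for the LDAP Manager Distinguished Name field."""
    if _UPN_RE.match(name):
        return "upn"
    if _DOWNLEVEL_RE.match(name):
        return "down-level"
    return "dn" if split_dn(name) else "invalid"


if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r}: {classify_bind_name(s)}")
```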