cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2319
Views
10
Helpful
8
Replies

CUCiMOC LDAP and CUCM Credentials Mismatch

neilobrien
Level 1
Level 1

Hi,

Yet another CUCiMOC dicussion

OK so we have CUCM integrated with AD, but not using AD authentication.  All CUCM user IDs are tied to the telephoneNumber field in AD.  We've got the basics of OCS and MOC working.  Now we're trying to integrate CUCiMOC into our setup.

I've set all the CUCiMOC registry entries for AD/LDAP/Attribute names etc.  Extension numbers aren't appearing in MOC but that's another problem.

I can only log into the conversation pane in CUCiMOC using the user id/PIN of CUCM.  When I do, it logs in ok, I get phone control functionality but I continue to get the LDAP Server disconnnected message.  I ran wireshark to see what was happenning and I'm getting LDAP authentication errors to my DC.  Of course I am - it's trying to use the CUCM user id and PIN to authenticate to AD.  I changed the LDAP attributes to use the telephoneNumber field as the login but the PIN in CUCM will never be the same as the password in AD so it continues to fail

So what do you do here - does it need to authenticate to both CUCM and AD correctly??  I don't see how this will ever be possible.

Maybe someone can explain if they've come across this??


Thanks,

Neil

8 Replies 8

htluo
Level 9
Level 9

Take a look at http://www.cisco.com/en/US/docs/voice_ip_comm/cucimoc/8_0/english/installguide/config_clients.html#wp1074207.

The one you're interested in was "ContactService_UseCredentialsFrom".

Michael

http://htluo.blogspot.com

Hi Michael - sorry for the delay in coming back to you.

Thanks for the response, however I'm a little confused with these settings.

When I log onto the MOC client, I use my AD domain username/password.  When I log onto CUCiMOC, I need to use my CUCM usernsme (extn number) and CUCM PIN.  It logs me in fine but it's the CUCiMOC alerts where I get the LDAP authentication error.  When I go into the CICiMOC settings, I can set an "account" username/password which I set to my AD domain username/password and the LDAP error goes away.

I dont' see where to specify this in the settings you pointed me to.

Can you give me some pointers?

Thank in advance,


Neil

If your CUCM is integrated with LDAP (Active Directory), you could save some additional credentials (because they use the same credential).

If your CUCM is NOT integrated with LDAP, you'll have to specify LDAP credentials (which you did).

There's no way for CUCIMOC to know that before hand.  Thus you need to tell it with registry settings, which is described in the documentation.

Michael

http://htluo.blogspot.com

Hi Michael,

OK I think I have a handle on it now.

I was logging into CUCiMOC with my CUCM user and my CUCM PIN.  For some reason it was allowing me to log in with this.  But what I hadn't realised was that the CUCM was AD integrated so I tried logging in with my CUCM user and AD password and up came the CTI control.

Once I sent the synchronise creds options to "No Sync", and once i manually set the LDAP creds in CUCiMOC options to use my AD user/password, it keeps it there when i log off/on again.

thanks for the great advise,

Neil

No Sir, When CUPC logins in we do a bind request each time. So we do not store paswword localy,

when login atatempt occurs we send bind request to the AD and check PWD there

Hi,

If the end user changes their ldap password, will they need to go to the LDAP settings on CUCIMoC and change their password each time?

Hi

I have another question related to this.

If the CUCM is not integrated with AD, but we specify LDAP authentication in the registry for CUCIMOC, will softphone and call control work?

The usernames will be the same, but the passwords will be different. CUCIMOC will authenticate the user via LDAP with AD and that'll work, but how does CUCIMOC client then speak to Call Manager?

Or does this require the user entering their call manager userid and pin manually?

Thanks

"If  the end user changes their ldap password, will they need to go to the  LDAP settings on CUCIMoC and change their password each time?"

Is there any solution?  Any idea's, has anyone experienced the same.

Thanks

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: