LDAP Authentication with UCCX

Unanswered Question
Aug 2nd, 2010
User Badges:

Hi,


We are planning to integrate the LDAP authentication with our CUCM and remove extension mobility from users that are not using it. By doing this it will allow us to easier deploy CUCiMOC.


This is likely to break UCCX so i have a simmilar setup in the LAB environment. I have enabled LDAP sync and Auth on the CUCM and predictably the CRSAdmin pages will not accept the old username and password. Neither would it accept my LDAP credentials. So, i removed the LDAP authentication, logged back into the CRSAdmin pages with the old login and found my LDAP login in the User Managment page and gave myself Admin rights. Then i renabled LDAP Auth and still it would not let me into the CRSAdmin pages. It will let me into the CUCM admin pages with the LDAP credentials.


Does anyone know what i need to do to fix this?


Regards


Jon

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)
Loading.
Jonathan Schulenberg Mon, 08/02/2010 - 09:05
User Badges:
  • Super Bronze, 10000 points or more
  • Cisco Designated VIP,

    2017 IP Telephony

The way I have done this in the past is to replicate the local UCM user identically (username, first/last name, password, etc) in LDAP. UCM should see the same user object when performing AD synchronization and map the user together. This will allow you to login to CCX as before with the same user. You can add other user objects to the administrator role at that point.

gbljoba Tue, 08/03/2010 - 07:15
User Badges:

Thanks Jonathan. The problem with that is that the AD GPO will not let me set the password i am using...


Besides when i removed LDAP authentication i logged into the UCCX again and added the Administrator rights to my LDAP account but it wont autheticate me.


Do you have any other ideas?


/Jon

Jonathan Schulenberg Tue, 08/03/2010 - 07:19
User Badges:
  • Super Bronze, 10000 points or more
  • Cisco Designated VIP,

    2017 IP Telephony

The problem with that is that the AD GPO will not let me set the 
password i am using...

So change your non-LDAP account password in UCM to a password that AD will accept, test that it works for login on CCX, and then do the LDAP integration.


Besides when i removed LDAP authentication i logged into the UCCX again 
and added the Administrator rights to my LDAP account but it wont 
autheticate me.

No idea, but one guess would be that changes to the account may not hold when the account is marked as inactive in UCM. Just a guess though.

gbljoba Tue, 08/03/2010 - 09:02
User Badges:

Ive even done the old com.cisco.crs.cluster.config.AppAdmin 'FRESH INSTALL' trick and then added my LDAP id in there and still it

will not let me in......

Graham Old Thu, 08/05/2010 - 13:01
User Badges:
  • Silver, 250 points or more

Check that you can login to the ccmuser page. https:///ccmuser


That validates your user ID and LDAP password

Actions

This Discussion