08-02-2010 08:39 AM - edited 03-14-2019 06:12 AM
Hi,
We are planning to integrate the LDAP authentication with our CUCM and remove extension mobility from users that are not using it. By doing this it will allow us to easier deploy CUCiMOC.
This is likely to break UCCX so i have a simmilar setup in the LAB environment. I have enabled LDAP sync and Auth on the CUCM and predictably the CRSAdmin pages will not accept the old username and password. Neither would it accept my LDAP credentials. So, i removed the LDAP authentication, logged back into the CRSAdmin pages with the old login and found my LDAP login in the User Managment page and gave myself Admin rights. Then i renabled LDAP Auth and still it would not let me into the CRSAdmin pages. It will let me into the CUCM admin pages with the LDAP credentials.
Does anyone know what i need to do to fix this?
Regards
Jon
08-02-2010 09:05 AM
The way I have done this in the past is to replicate the local UCM user identically (username, first/last name, password, etc) in LDAP. UCM should see the same user object when performing AD synchronization and map the user together. This will allow you to login to CCX as before with the same user. You can add other user objects to the administrator role at that point.
08-03-2010 07:15 AM
Thanks Jonathan. The problem with that is that the AD GPO will not let me set the password i am using...
Besides when i removed LDAP authentication i logged into the UCCX again and added the Administrator rights to my LDAP account but it wont autheticate me.
Do you have any other ideas?
/Jon
08-03-2010 07:19 AM
The problem with that is that the AD GPO will not let me set the password i am using...
So change your non-LDAP account password in UCM to a password that AD will accept, test that it works for login on CCX, and then do the LDAP integration.
Besides when i removed LDAP authentication i logged into the UCCX again and added the Administrator rights to my LDAP account but it wont autheticate me.
No idea, but one guess would be that changes to the account may not hold when the account is marked as inactive in UCM. Just a guess though.
08-03-2010 09:02 AM
Ive even done the old com.cisco.crs.cluster.config.AppAdmin 'FRESH INSTALL' trick and then added my LDAP id in there and still it
will not let me in......
08-05-2010 01:01 PM
Check that you can login to the ccmuser page. https://
That validates your user ID and LDAP password
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: