LDAP Error on CDR Login

Answered Question
Oct 11th, 2006
User Badges:

I'm experiencing an issue with accessing the CDR Analysis and Reporting.


Whenever I log in, I receive an error stating "LDAP Access Error. Contact System Administrator." This began suddenly after some maintenance reboots. (No changes were made prior to the reboot.)


I am running CallManager 4.1(3) and it is integrated with Active Directory.


I checked the "CiscoAdminRepToolAdminGroupUsers" group in AD and it does include the account I have been using to access CDR. I have checked the directoryconfig.ini file and it appears to contain all of the correct information. I am not experiencing any problems using other accounts authenticated through AD (e.g. ccmadministrator).


On the advice of an older posting in this group, I removed the AD group with my CDR user in it. Once I did this, I was able to access CDR with the default admin/admin login, but I receive the same LDAP error when I go to the Admin Rights page and try to restore rights to the appropriate users.


I have added the IP and hostname of the server handling these AD requests to the hosts and lmhosts file on each of the CallManagers, and verified this using nbtstat -c and ipconfig /displaydns commands via a Command Prompt.


Any ideas? Thanks in advance.

Correct Answer by gogasca about 10 years 10 months ago

Hi,


-Uninstall CAR

-Reboot

-Reinstall CAR

-Try to re-run AD Plugin if that doesnt help...

Verify that art.ini is populated correctly:

ie:


[ldap]

ldapURL=ldap://1.1.1.1:389

dn=cn=Administrator, cn=Users, dc=domain1,dc=cisco,dc=com

passwd=1c021e082d071d08

ciscoBase=ou=Cisco, dc=domain1,dc=cisco,dc=com

dirType=ADS

dirAccess=false


You can copy this from DirectoryConfiguration.ini under Dcdsrvr folder.


When login fails, look in the Tbl_Error_log table in the art db and check for most recent errors and gather sniffer trace from CCM using netmon in order to see LDAP traffic.


Let us know

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Correct Answer
gogasca Wed, 10/11/2006 - 19:20
User Badges:
  • Green, 3000 points or more

Hi,


-Uninstall CAR

-Reboot

-Reinstall CAR

-Try to re-run AD Plugin if that doesnt help...

Verify that art.ini is populated correctly:

ie:


[ldap]

ldapURL=ldap://1.1.1.1:389

dn=cn=Administrator, cn=Users, dc=domain1,dc=cisco,dc=com

passwd=1c021e082d071d08

ciscoBase=ou=Cisco, dc=domain1,dc=cisco,dc=com

dirType=ADS

dirAccess=false


You can copy this from DirectoryConfiguration.ini under Dcdsrvr folder.


When login fails, look in the Tbl_Error_log table in the art db and check for most recent errors and gather sniffer trace from CCM using netmon in order to see LDAP traffic.


Let us know

gogasca Thu, 10/12/2006 - 05:40
User Badges:
  • Green, 3000 points or more

Hi this is an AD integration , so DCD is disabled.

Scott Braun Thu, 10/12/2006 - 09:09
User Badges:

I have re-run the AD plugin. We were experiencing some more widespread issues previously, especially with the 'ccmadministrator' and 'ac' accounts. I reinstalled the AD plugin across the cluster and most of those issues went away, but this came up shortly after. Would I need to reinstall CDR after reinstalling the AD plugin?


The LDAP information was not listed in the art.ini file, so I added it in as it was configured in the directoryconfiguration.ini file, then restarted the IIS, WWW, and CDR services. Same result.


I do see errors in the Error Log table you specified, of type DirUser.OperationError and com.cisco.art.general.GenARTMajorException. I also grabbed some Netmon captures and I don't see any packets going to or coming from the specified LDAP server.


Looks like my next step is to install CDR. What do you think?

gogasca Thu, 10/12/2006 - 09:46
User Badges:
  • Green, 3000 points or more

Hi sbraun,

Yes go ahed and reinstall it after running plugin.

Actions

This Discussion