Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

CUIC Active Directory Configuration

We have installed CUIC 8.5(3) but cannot configure active directory correctly. We only want users who are in a specific security group to be able to login. Is this possible? The security group is UCCE_Reporting.

We have tried using the below in the User Search Base field but neither work.

CN=UCCE_Reporting,CN=Users,DC=***,DC=***

OU=UCCE_Reporting,CN=Users,DC=***,DC=***

Everyone's tags (5)
4 REPLIES

CUIC Active Directory Configuration

Hello,

Can you please try :

OU=UCCE_Reporting, OU=Users, DC=****, DC=*****

Amer

New Member

CUIC Active Directory Configuration

Hi Amer,

I tried your suggestion but it did not work. All user accounts are not located in Users or UCCE_Reporting groups. The users are members of UCCE_Reporting only.

I tried the suggestions on this link but they did not work either. I don't think the User Search Base field supports LDAP filters.

https://supportforums.cisco.com/docs/DOC-13350

CUIC Active Directory Configuration

That's not possible as such. The User Search Base defines the location on the Domain where CUIC can find the user's accounts, group membership is pretty much irrelevant. This is more about user authentication than it is about authorization.

The authorization part is controlled through the Users page in the CUIC interface. So you'd have to define your Search Base wide enough to incorporate all OUs that may contain users on the domain and then manually define the IDs that have accesss to CUIC on the Users page.

Cheers,

Kris

New Member

CUIC Active Directory Configuration

Hi Kris,

I believe you are correct as I have tried every way I could find to try and limit login based on group membership.

This isn't a huge issue but any account that is in the OU defined in the User Search Base can login to CUIC regardless of if that user is listed in the User List page. This isn't a huge risk as the user does not have access to anything by default but that doesn't seem like a secure practice to let users who are not in the user list to login.

1692
Views
0
Helpful
4
Replies