Cisco Support Community
New Member

CCM5.1, LDAP manager account with read privilege

I created an account in AD to set up as LDAP manager in CCM, but login fails with that account.

-account created in AD=CCMLDAPAdmin/12345

-in '/users' context, delegate 'Read' privilege to CCMLDAPAdmin

In CCM, I set 'LDAP Manager Distinguished Name=CCMLDAPAdmin/12345' but I get the error message,

"Login Failure to Host ldap://10.1.10.11:389, Please Re-Enter LDAP Manager Distinguished Name and Password"

Please advise why login fails with the account 'CCMLDAPAdmin'.

Thanks in advance,

1 ACCEPTED SOLUTION

Accepted Solutions
Gold

Re: CCM5.1, LDAP manager account with read privilege

I've seen this before and the issue is that when configuring CM to work with this, you need to mention the Canonical Name (CN) and not the Login ID. In most cases, the CN is the same as the Display Name of the user. To check the Canonical Name for the user, in ADUC, select Advanced Options. Go to the User Properties and mention the name mentioned after users "....users/XXXX XXXX"

Hope this helps

6 REPLIES
Green

Re: CCM5.1, LDAP manager account with read privilege

Make sure the account is not locked, try changing the CN to one that doesn't include /, and confirm the CN name.

New Member

Re: CCM5.1, LDAP manager account with read privilege

Hello cjrchoi11,

I think you have to enter the full path into this field and not only the SamAccountName (UserID).

So here is an example of what I'm talking about:

CN=Administrator,CN=Users,DC=test,DC=enviroment,DC=com

"CN=Administrator" can be adapted to your user CCMLDAPAdmin.

"CN=Users" is the directory your account is in.

"DC=test,DC=enviroment,DC=com" is your domain; in this example it is "test.enviroment.com".

Please be careful, the entries are case-sensitive.

Good luck in advance

Best regards

Torsten

New Member

Re: CCM5.1, LDAP manager account with read privilege

Thanks guys,

Let me describe in detail:

1. Created an account in AD named 'CCMLDAPAdmin', copied from 'administrator'

2. Configured in CCM

-ldap distinguished name: cn=CCMLDAPAdmin,cn=users,dc=ucdemo,dc=com

-ldap password: ****

-ldap user search base: dc=ucdemo,dc=com

3. I'm sure the account 'CCMLDAPAdmin' is not locked and the password is correct, but I always get the 'login failed' error message.

4. It works okay if I put 'administrator'. It looks like CCM doesn't like any account other than 'administrator'.

CCM SRND recommends using a dedicated account which has 'read' privilege for all users, but I cannot achieve that....

Thanks in advance,

New Member

Re: CCM5.1, LDAP manager account with read privilege

Hey Mahesh,

It works with canonical name format.... I'm not an MS (or LDAP) expert and couldn't find this info. It looks like others work with the userID, but why doesn't mine? My AD server is w2k-sp4.

BR, John

Gold

Re: CCM5.1, LDAP manager account with read privilege

Yes, CM 5.x code looks to have been changed such that it uses the CN, which it should be using since we use the naming as cn.
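Added example (not part of the thread and not Cisco code): a pre-flight check that derives the expected bind DN from the canonical name shown in ADUC and compares it with the value typed into the LDAP Manager Distinguished Name field. The function names, the handling of `\/` as an escaped slash, and the rule that any container other than Users/Computers/Builtin is an OU are assumptions.

```python
import re

DN_SPECIAL = '"+,;<>\\'                            # backslash-escaped inside a DN value (RFC 4514)
CN_CONTAINERS = {"users", "computers", "builtin"}  # assumption: any other container is an OU

def escape_value(value):
    """Escape one attribute value for use inside a DN string."""
    out = []
    for i, c in enumerate(value):
        edge = (i == 0 and c in " #") or (i == len(value) - 1 and c == " ")
        out.append("\\" + c if c in DN_SPECIAL or edge else c)
    return "".join(out)

def canonical_to_dn(canonical):
    """'ucdemo.com/Users/Some Name' -> 'CN=Some Name,CN=Users,DC=ucdemo,DC=com'."""
    # Split on '/', treating '\/' as a literal slash inside a name (assumed escape).
    parts = [p.replace("\\/", "/") for p in re.split(r"(?<!\\)/", canonical)]
    if len(parts) < 2 or not all(parts):
        raise ValueError("expected domain/container/.../name")
    domain, *containers, name = parts
    rdns = ["CN=" + escape_value(name)]
    for c in reversed(containers):
        kind = "CN" if c.lower() in CN_CONTAINERS else "OU"
        rdns.append(kind + "=" + escape_value(c))
    rdns += ["DC=" + label for label in domain.split(".")]
    return ",".join(rdns)

def split_rdns(dn):
    """Split on unescaped commas and drop the optional space after each comma."""
    return [c.lstrip() for c in re.split(r"(?<!\\),", dn)]

def check_manager_dn(entered, canonical):
    """Return (ok, expected_dn, reason) for a value typed into the manager DN field."""
    expected = canonical_to_dn(canonical)
    rdns = split_rdns(entered)
    if not all(re.match(r"[A-Za-z][A-Za-z0-9-]*=.", r) for r in rdns):
        return False, expected, "not a distinguished name (login ID or name/password?)"
    # Attribute type names and cn/ou/dc values compare case-insensitively in LDAP.
    if [r.lower() for r in rdns] != [r.lower() for r in split_rdns(expected)]:
        return False, expected, "DN does not match the object's location and CN"
    return True, expected, "ok"

if __name__ == "__main__":
    # Constructed inputs: the thread's account with a hypothetical display-style CN.
    for value in ("CCMLDAPAdmin", "cn=CCMLDAPAdmin,cn=users,dc=ucdemo,dc=com",
                  "CN=CCM LDAP Admin, CN=Users, DC=ucdemo, DC=com"):
        print(value, "->", check_manager_dn(value, "ucdemo.com/Users/CCM LDAP Admin"))
```

When the object's CN differs from the login ID, only the third constructed input passes, which is the situation the accepted solution describes.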
