Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

CUCM LDAP Authentication via CTI Manager

When CUCM is using LDAP for authentication several subsystems including CTI manager utilize this mechanism for device authentication. One for example is the CTI manager the invokes an LDAP authentication process with LDAP when a CUPC user enabled deskphone control.

Generally most LDAP querys (aka searchRequests) have a sizeLimit and timeLimit variable that can control to overall response in addition to the filter.

When an Tomcat authentication request takes place these size and time Limit Values are sent to the LDAP server with 0's for each.

When a CTI authentication request takes place the SizeLimit value is 0, however the timeLimit value is 1996501041 . This variable seems to cause issues with Sun One LDAP systems where the LDAP server returns a timeLimitExceeded... I can execute the exact same searchRequest with a stand alone browser with a timeLimit of 0 and get the appropriate response every time.

Does anyone know why this timeLimit value gets populated on CTI requests from CUCM or what this value actually represents?

3 REPLIES
Red

Re: CUCM LDAP Authentication via CTI Manager

Cisco use OpenLDAP library to do LDAP authentication.

OpenLDAP library has two interfaces: Java and C/C++.

Cisco Tomcat uses Java.  Cisco CTIManager uses C/C++.  That's why you're seeing the difference.

Even so, a timelimit of 1996501041 shouldn't cause any problem.  That was in the unit of seconds.  Have you got someone looked at the LDAP server side and see why it threw timelimit exceed error?

Thanks!

Michael

New Member

Re: CUCM LDAP Authentication via CTI Manager

Hi Michael,

Thanks for the reply. I do know now that the timestamp is a unix epoch timestamp for sometime in 2033.. but this is the only delta in between a successfull result and a failure.. I am requesting logs from the LDAP side of the house to see what type of errors are being collected on that side. Do you know by chance since CTI is C/C++ of this value is compiled into the subsystem or is a variable somewhere that could be changed with the appropriate system access?

JP

Highlighted
Red

Re: CUCM LDAP Authentication via CTI Manager

You may take a look at http://www.zytrax.com/books/ldap/ch6/#timelimit.

I'm not sure if it's a variable or not. I guess you'll have to get the TAC to talk to the developer to find out.

Michael

http://htluo.blogspot.com

1014
Views
8
Helpful
3
Replies
CreatePlease login to create content