Cisco Support Community
New Member

LDAP User Privileges

Dears,

I want to integrate CUCM 9.1 with Active Directory, and what I know is that the user should have "Read"-only privileges to do the integration.

BUT:

1- I tried to do it with a user that has only Read privileges, and I got a login failure error to LDAP.

2- I changed the user privilege to Admin, and then I could integrate with Call Manager.

The CUCM 9.1 administration documents say:

LDAP Manager Distinguished Name

Enter the user ID (up to 128 characters) of the LDAP Manager, who is an administrative user that has access rights to the LDAP directory in question.

The CUCM 9.1 SRND says (page 809):

Design Considerations for LDAP Synchronization

Observe the following design and implementation best practices when deploying LDAP synchronization with Cisco Unified CM:

• Use a specific account within the corporate directory to allow the Unified CM synchronization agreement to connect and authenticate to it. Cisco recommends that you use an account dedicated to Unified CM, with minimum permissions set to "read" all user objects within the desired search base and with a password set never to expire. The password for this account in the directory must be kept in synchronization with the password configuration of the account in Unified CM. If the service account password changes in the directory, be sure to update the account configuration in Unified CM.

What exactly are the right privileges for the user?
3 REPLIES
Hall of Fame Super Silver

Re: LDAP User Privileges

Read-only is sufficient; you need to ensure the user is in an OU that is part of your search base.

Chris


New Member

LDAP User Privileges

Thanks, Chris, for your reply. As I mentioned, I just changed the user privilege to Admin and then it was accepted for the integration; before that it was giving a login failure to LDAP.

Hall of Fame Super Silver

LDAP User Privileges

Can you provide the distinguished user string and the search base string? Perhaps the user is outside of the search base and hence requires admin rights to read it.

Chris
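
The comparison asked for in the last reply, whether the LDAP Manager DN falls inside the synchronization search base, can be checked offline before changing anything in CUCM or Active Directory. This is an added example, not part of any poster's message and not Cisco code; the DNs and `example.com` names are constructed, and the parser is simplified to single-valued RDNs with backslash escapes.

```python
import re

# Constructed sample values; substitute the strings from your own LDAP Directory page.
SEARCH_BASE = "OU=Staff,DC=example,DC=com"
MANAGER_DNS = [
    "CN=svc-cucm,OU=Service Accounts,DC=example,DC=com",
    "cn=svc-cucm, ou=Staff, dc=Example, dc=com",
    r"CN=Doe\, Jane,OU=Staff,DC=example,DC=com",
]

def split_rdns(dn):
    """Split a DN on commas that are not backslash-escaped."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])   # keep the escape; normalize_rdn decodes it
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    parts.append("".join(cur))
    return [p for p in parts if p.strip()]

def normalize_rdn(rdn):
    """Return (type, value), lower-cased, with \\XX and \\c escapes decoded."""
    attr, _, value = rdn.partition("=")
    def decode(m):
        tok = m.group(1)
        return chr(int(tok, 16)) if len(tok) == 2 else tok
    value = re.sub(r"\\([0-9a-fA-F]{2}|.)", decode, value.strip())
    return attr.strip().lower(), value.lower()

def is_under(dn, base):
    """True if dn equals base or sits below it in the directory tree."""
    d = [normalize_rdn(r) for r in split_rdns(dn)]
    b = [normalize_rdn(r) for r in split_rdns(base)]
    return len(d) >= len(b) and (not b or d[-len(b):] == b)

if __name__ == "__main__":
    for dn in MANAGER_DNS:
        state = "inside" if is_under(dn, SEARCH_BASE) else "OUTSIDE"
        print(f"{state:8} {dn}")
```

The comparison is done per RDN rather than on the raw string, so differences in case, spacing after commas, or escaped commas inside a CN do not produce a false mismatch.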
