The users are reflected in CM 6.1 from Active Directory and are active, but the passwords are not synchronising when I try to log on to ccmuser using AD account passwords. Any ideas on this? Any suggestions will be of great help.
What are the values for the LDAP Authentication option?
CUCM never stores or synchs the AD passwords.
We only redirect the auth request to AD based on the LDAP auth configuration.
First of all, thanks a ton for replying. The scenario is as follows:
LDAP Directory Information
LDAP Configuration Name: CN=Administrator,CN=Users,DC=cisco,DC=com
LDAP password: *********
LDAP User SearchBase: cn=Users,DC=cisco,DC=com
The synchronization works perfectly fine: when I create a user in AD it is replicated in CM 6.1, but when I try to log on for that user at
http://CMhostname:8443/ccmuser with the same credentials as I have in AD, the authentication fails! It does not accept the same password as Active Directory. Do we need to change something on the Tomcat web server for accepting the authentication?
Synchronization with LDAP and authentication against LDAP are two different processes. The synchronization process aims to retrieve the list of users and their properties from the AD's database (but not the passwords), whereas the authentication, as you know already, is used to validate a username-password pair.
So they work differently. The synch process uses the 'Administrator' user that you have configured to bind via LDAP and read the database. It has to have read-only rights within the LDAP.
The authentication process uses the username and password pair, that a user has entered to bind, on behalf of that user, to the LDAP, and if the bind has been successful, the authentication credentials are valid.
Have you configured the LDAP Authentication in CCM?
You need to configure the LDAP authentication option just as you set up the LDAP server on CCM.
UCM 6.x does make a difference whether the user is an end user or a system ('application' in UCM 6.x) user. The UCM Administrator user is considered an 'Application' user, and so its credentials are kept locally on the UCM LDAP repository. If you would like to make an LDAP user an administrative one, you should assign it a UCM administrative role. You can do that by clicking on the username from User Management->End Users, then going to the bottom of the page, to the 'Permissions Information' group, and adding the user to the UCM Administrators group, 'Standard CCM Admin Users'. In the same way you can assign other roles to users.
By default, end users that were synched from the LDAP do not belong to any group, or do not have any role.
I didn't see that you are logging in to the ccmuser page.
As I wrote above, the LDAP authentication is a process where the UCM binds to the AD on behalf of the user, i.e. with the credentials, that user has entered, as if the UCM is the user itself. If it binds successfully, then the credentials are OK.
If the user-password pair you use has not been mistyped, the next thing to check is which LDAP attribute you have chosen for user ID.
The place to set this is in System->LDAP->LDAP System->'LDAP Attribute for User ID*'.
The one native to MS AD is sAMAccountName, but it might also be mail address or userPrincipalName. I use sAMAccountName.
I didn't understand your problem properly...
When you try to log in to the ccmuser page, your end users are not authenticated?
For this to work, you need to associate your end users with the Standard CCM end user group... You do not need to assign them Admin user roles...
I did assign the users to the Standard CCM end users group, but I am still not able to get authenticated. I also tried assigning them Admin roles, but still can't log in to the ccmuser page. Any more ideas?
Hello, I am currently trying to set this up in a lab environment and running into the same issue. I would be very interested to hear the resolution.
Hi guys, verify the configuration of the LDAP Manager Distinguished Name, the LDAP Password and, most important, the LDAP User Search Base.
I have a similar problem because of a misconfiguration of the User Base Search.
Hope this helps.
Hello, thanks for your reply and as an update supporting it.... My issue was a misconfiguration in the 'LDAP User Search Base'.
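The failure mode the thread ends on, as an added example that is not part of the thread and is not Cisco's code: a simplified model of search-then-bind LDAP authentication showing that a correct password is still rejected when the user's entry lies outside the configured search base or the wrong user ID attribute is selected. The directory entries, usernames and passwords are constructed, and the function names are hypothetical.

```python
# Simplified model of LDAP search-then-bind authentication.
# Constructed data only; this is not CUCM code and uses no real LDAP server.

DIRECTORY = {  # DN -> attributes (constructed sample entries)
    "CN=Alice Smith,CN=Users,DC=cisco,DC=com": {
        "sAMAccountName": "asmith", "mail": "alice@cisco.com", "password": "Al1ce-pw"},
    "CN=Bob Jones,OU=Sales,DC=cisco,DC=com": {
        "sAMAccountName": "bjones", "mail": "bob@cisco.com", "password": "B0b-pw"},
}


def rdns(dn):
    """Split a DN into lowercase RDNs (escaped commas are ignored for brevity)."""
    return [part.strip().lower() for part in dn.split(",")]


def in_subtree(dn, base):
    """True if dn is at or below base, compared on whole RDN components."""
    d, b = rdns(dn), rdns(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b


def find_user_dn(search_base, user_id_attr, username):
    """Step 1: locate the entry under the search base by the user ID attribute."""
    for dn, attrs in DIRECTORY.items():
        value = attrs.get(user_id_attr, "")
        if in_subtree(dn, search_base) and value.lower() == username.lower():
            return dn
    return None


def bind(dn, password):
    """Step 2: stand-in for a simple bind as the user.
    Empty passwords are refused: many servers treat them as anonymous binds."""
    return bool(password) and DIRECTORY[dn]["password"] == password


def authenticate(search_base, user_id_attr, username, password):
    """Return (ok, reason) so the failing step is visible."""
    dn = find_user_dn(search_base, user_id_attr, username)
    if dn is None:
        return False, "user not found under search base"
    if not bind(dn, password):
        return False, "bind rejected"
    return True, "bind succeeded"


if __name__ == "__main__":
    for base in ("cn=Users,DC=cisco,DC=com", "DC=cisco,DC=com"):
        print(base, authenticate(base, "sAMAccountName", "bjones", "B0b-pw"))
```

Against a real directory, the same two steps can be checked by hand: search the configured base for the chosen user ID attribute with the manager account, then bind as the returned DN with the user's password.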