Software Version: 126.96.36.19900-5
Problem Details: iPlanet LDAP is set up on our CUCM cluster for users to authenticate to their user page via LDAP.
LDAP and LDAP authentication are configured correctly, and they are connected to the server with no problem. However, any attempt to authenticate via LDAP fails. If we turn LDAP off and authenticate to the local user database on CUCM, it works perfectly.
This is a virtualized CUCM cluster running version 188.8.131.5200-5.
# I have another CUCM 7.1.5 with that everything works fine. # I have checked the roles and group CCMUser. # Reset enduser password in Active Direcory and from Call Manager. # Same Active Directory works with our 7.1.5 CUCM what could be the reason its not working on 8.6.2 # Is there any security certificate i have to download and uploaded to the Active Directory as its a secure LDAP
If LDAP over SSL is required, the corporate directory SSL certificate must be loaded into Cisco Unified Communications Manager. Have a look at the Cisco Unified Communications Operating System Administration Guide documents the certificate upload procedure in the Security chapter.
You will also need to change the port to 636 if you are not using GC or 3269 if you are using GC (global catalog server)
Please rate all useful posts
"'Nature is too thin a screen, the glory of the omnipresent God bursts through it everywhere"-Ralph Waldo Emerson
Please rate all useful posts
"The essence of christianity is not the enthronement but the obliteration of self --William Barclay"
Good post aokanlawon (+5). To add to that on CUCM 8.6 the SSL certificate has to be uploaded to CUCM as a Tomcat-Trust, previously in 7.x it was a Directory-Trust which is now gone in CUCM 8.x. After uploading the SSL certificate the Cisco Tomcat service has to be restarted from the command line with "utils service restart Cisco Tomcat".
If the directory sync is working and you can successfully add the LDAP server and authentication entries to CUCM the connection is tested at that time. Therefore the connection and certificates should be correctly loaded to CUCM. To investigate the cause of the failure you could use a packet capture and decypt the SSL traffic (http://htluo.blogspot.com/2009/01/decrypt-https-traffic-with-wireshark.html) to make sure the CUCM server is sending out a request to the LDAP server. I assume that the LDAP authentication settings are the same as the LDAP Directory (hostname/FQDN instead of IP address) so DNS shouldn't be a problem. Also the user search base should be the same between the directory entry and authentication.
SIP traces provide key information in troubleshooting SIP Trunks, SIP
endpoints and other SIP related issues. Even though these traces are in
clear text, these texts can be gibberish unless you understand fully
what they mean. This document attempts to br...
Please find the attached HTML document, download and open it on your PC.
This provides an easy to use form where you simply answer a few
questions and it will render the proper jabber-config.xml file for you
to copy/paste. There is built in logic to verif...
CUCM Database Replication is an area in which Cisco customers and
partners have asked for more in-depth training in being able to properly
assess a replication problem and potentially resolve an issue without
involving TAC. This document discusses the bas...