Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Secure LDAP

Software Version: 8.6.2.21900-5

Problem Details: iPlanet LDAP is set up on our CUCM cluster for users to authenticate to their user page via
LDAP.

LDAP and LDAP authentication are configured correctly, and they are connected to the server with no problem.
However, any attempt to authenticate via LDAP fails.  If we turn LDAP off and authenticate to the local user
database on CUCM, it works perfectly.

This is a virtualized CUCM cluster running version 8.6.2.21900-5.

# I have another CUCM 7.1.5 with that everything works fine.
# I have checked the roles and group CCMUser.
# Reset enduser password in Active Direcory and from Call Manager.
# Same Active Directory works with our 7.1.5 CUCM what could be the reason its not working on 8.6.2
# Is there any security certificate i have to download and uploaded to the Active Directory as its a secure LDAP

Please suggest

Thanks in advance..

Everyone's tags (3)
2 REPLIES
VIP Super Bronze

Secure LDAP

Hi,

If LDAP over SSL is required, the corporate directory SSL certificate must be loaded into Cisco Unified Communications Manager. Have a look at the  Cisco Unified Communications Operating System Administration Guide documents the certificate upload procedure in the Security chapter.

You will also need to change the port to 636 if you are not using GC or 3269 if you are using GC (global catalog server)

Please rate all useful posts

"'Nature is too thin a screen, the glory of the omnipresent God bursts through it everywhere"-Ralph Waldo Emerson

Please rate all useful posts "The essence of christianity is not the enthronement but the obliteration of self --William Barclay"
Cisco Employee

Secure LDAP

Good post aokanlawon (+5).  To add to that on CUCM 8.6 the SSL certificate has to be uploaded to CUCM as a Tomcat-Trust, previously in 7.x it was a Directory-Trust which is now gone in CUCM 8.x.  After uploading the SSL certificate the Cisco Tomcat service has to be restarted from the command line with "utils service restart Cisco Tomcat".

If the directory sync is working and you can successfully add the LDAP server and authentication entries to CUCM the connection is tested at that time.  Therefore the connection and certificates should be correctly loaded to CUCM.  To investigate the cause of the failure you could use a packet capture and decypt the SSL traffic (http://htluo.blogspot.com/2009/01/decrypt-https-traffic-with-wireshark.html) to make sure the CUCM server is sending out a request to the LDAP server.  I assume that the LDAP authentication settings are the same as the LDAP Directory (hostname/FQDN instead of IP address) so DNS shouldn't be a problem.  Also the user search base should be the same between the directory entry and authentication.

655
Views
5
Helpful
2
Replies