Re: CAR and Active Directory

SEAN NILSEN · ‎02-28-2003

I am taking over a project for an engineer who left our company (CCM 3.2.2c spF; CAR 3.2.0.12). CCM is integrated with AD and works great.

They have a need to use CAR, but it appears after installing and configuring CAR for specific admin users, the changes are saved but none of the users have Admin access.

I went searching and found this link:

http://www.cisco.com/en/US/partner/products/sw/voicesw/ps556/products_tech_note09186a0080094871.shtml

But #1 there is no "CiscoAdminRepToolAdminGroupUsers" security group in the AD.

#2, when I added it to the correct OU (at the point in the procedure where I would have "moved" it) I then got an LDAP error when trying to login as my new Admin user.

Any ideas on a fix?

SEAN NILSEN · ‎02-28-2003

Here's the error message:

The following Error(s) occurred while processing your request. You can:

* click on the 'Back' Button, to go back, fix the errors and try again.

* click on the 'Close' Button, to abort the processing and go to Main Screen.

Error Code Error Description

10013 LDAP Access Error. Contact System Administrator

kthorngr · ‎03-03-2003

You may want to try the workarounds to the follwoing three DDTS:

a) CScdv55021: This happens when the node, user base, is not under Cisco base. i.e. the user base

and Cisco base are either at same level or in different tree. Use the work around as mentioned in

the release note. This defect is fixed in 3.2(2a).

Workaround: Following steps have to be preformed in order.

1. Grant Admin Rights to the users by using "admin" account.

2. Open Netscape or Active Directory. Go to UserBase.

3. Copy the group "CiscoAdminRepToolAdminGroupUsers" from UserBase to CiscoBase. The UserBase was

set during installation. The default UserBase for Netscape is Poeple. The default UserBase for AD is

Users. Check C:\dcdsrvr\logs\netscape_cfg.log or ad_cfg.log. In the CFG file, look for

ciscoCCNatUserBase. The value right below this is the UserBase specified during installation. The

CiscoBase can be got from art.ini file or from registry at "HKEY_LOCAL_MACHINE\SOFTWARE\Cisco

Systems, Inc.\Directory Configuration\CISCOBASE".

4. Log in using the admin user account. Limitation of this workaround: Only one user can be given

admin rights for the first time(using "adimin" account).

Do the following steps to grant admin rights for more users :

1. Give admin rights to one user by following the steps mentions above.

2. Login using the user and give admin rights to one/more users.

3. Delete the "CiscoAdminRepToolAdminGroupUsers" from CiscoBae.

4. Copy the group again from UserBase to CiscoBase. Follow the same steps to add more users to admin

group.

b) CSCdx00875: This defect arises when the common name ( the name displayed in the AD console) is

different from the user ID. The work around is to rename the user (Select the user, right click,

select rename) so that the common name is same as userID and then add the user to ART admin group.

Workaround: Change the common name to be same as the UserID field.

c) CSCdx26336: This is observed when the user, which is to be added to ART Admin group, is not

directly under the user base. Say, user base is cn=users, dc=cisco, dc=com but the user is present

under ou=evvbu,cn=users,dc=cisco,dc=com, then it is not possible to add that user to ART admin

group. There is no workaround for this problem other that adding an user who is directly under user

base to ART admin group.

WorkAround: Add an user who is directly under userbase to CAR Admin group.

HTH,

Kev