IPMA Directory using Active Directory ldapconfig.ini Lookup

j-hawkins
Level 1
Has anyone configured the directory in IPMA using Active Directory? I am struggling with the configuration for the LDAPConfig.ini file and the proper syntax needed. Please help if you can.

8 Replies

gogasca
Level 10
This is a good doc on ldapconfig.ini

http://www.cisco.com/en/US/partner/products/sw/voicesw/ps556/products_tech_note09186a00801829e9.shtml

What you basically need to do is fill in these parameters

MANAGER_DN=

MANAGER_PASSWORD=

LDAP_URL=

SEARCH_BASE=

The above information can be found if you go to your CCM and you go to regedit, HKLM,SW, CiscoSystems,Inc,Directory Configuration.

Also if you have changed to AD it is normal that your IPMA does not work anymore. The config in DCD is not transferred to AD. You will need to redo the user configuration for IPMA.

Thanks, that helped. When I entered in the correct information, I am now getting the error "Directory Connection Error", instead of "Directory Configuration Error." Am I missing something else? The problem I have is that everything else works with AD. Attendant Console, Directory on our IP phones, user lookup from CCM. Please help if possible.

Also, I am not familiar with the ex. (o=Cisco)

Why is it o= when I do not have anything similar to that in my AD integration?

The format of the LDAPConfig.ini file that works with AD is:

##Directory Attirbutes####

FIRST_NAME=givenName

LAST_NAME=sn

COMMON_NAME=cn

TELEPHONE_NUMBER=telephoneNumber

USERID=sAMAccountName

DEPARTMENT=department

##CONNECTION DETAILS##

MAX_DIR_CONNECTION=2

INITIAL_DIR_CONNECTION=2

SEARCHSIZE=50

MAX_TIME_LIMIT=0

SEARCH_CN=true

MANAGER_DN=cn=Administrator, cn=Users, dc=u2,dc=com <- Edit it

MANAGER_PASSWORD=X

LDAP_URL=ldap://1.1.1.1:389 <- Edit it

SEARCH_BASE=cn=Users,dc=u2,dc=com <- Edit it

If you do a search in your CCM server for DirectoryConfiguration.ini you can get the info from there.

Mine is as follows:

[ldap]

ldapURL=ldap://1.1.1.1:389

dn=cn=Administrator, cn=Users, dc=u2,dc=com

passwd=0c001a0c <--Password is encrypted

ciscoBase=ou=Cisco, dc=u2,dc=com

dirType=ADS

dirAccess=true

ldapsURL=ldap://

useSSL=false

Let me know

Here is my information for each file. Also, do I need to restart Tomcat or IPMA service for the change to the LDAPConfig.ini to take effect? I am still getting the Directory Connection Error when trying to access the directory. Maybe you could post an example that I can try with the following information below.

Here is the LDAPConfig.ini file.

##Directory Attirbutes####

FIRST_NAME=givenname

MIDDLE_INITIALS=middleinitial

LAST_NAME=sn

COMMON_NAME=cn

TELEPHONE_NUMBER=telephonenumber

USERID=uid

DEPARTMENT=departmentNumber

##CONNECTION DETAILS##

MAX_DIR_CONNECTION=2

INITIAL_DIR_CONNECTION=2

SEARCHSIZE=50

MAX_TIME_LIMIT=0

SEARCH_CN=true

MANAGER_DN=cn=SvcCisco,ou=Service Accounts,ou=UsersOU,dc=swagelok,dc=com

MANAGER_PASSWORD=mypassword <- not the password

LDAP_URL=ldap://ciscoad.swagelok.com:389

SEARCH_BASE=ou=Cisco, dc=swagelok,dc=com

Here is the DirectoryConfiguration.ini file.

[ldap]

ldapURL=ldap://ciscoad.swagelok.com:389

dn=cn=SVCCisco, ou=Service Accounts, ou=UsersOU, dc=swagelok, dc=com

passwd=encrypted password

ciscoBase=ou=Cisco, dc=swagelok,dc=com

dirType=ADS

dirAccess=false

ldapsURL=ldap://

useSSL=false

##Directory Attirbutes####

FIRST_NAME=givenname

LAST_NAME=sn

COMMON_NAME=cn

TELEPHONE_NUMBER=telephonenumber

USERID=sAMAccountName

DEPARTMENT=department

##CONNECTION DETAILS##

MAX_DIR_CONNECTION=2

INITIAL_DIR_CONNECTION=2

SEARCHSIZE=50

MAX_TIME_LIMIT=0

SEARCH_CN=true

MANAGER_DN=cn=SvcCisco,ou=Service Accounts,ou=UsersOU,dc=swagelok,dc=com

MANAGER_PASSWORD=mypassword <- not the password

LDAP_URL=ldap://ciscoad.swagelok.com:389 <-- Change it to IP address

SEARCH_BASE=cn=Users, dc=swagelok,dc=com

Thanks for the reply. I tried the following and still received the Directory Connection Error. Few things to note:

ciscoad.swagelok.com is a reverse lookup of two AD servers. It is not actually a server. I have tried to insert the IP address of one of the AD servers, and still had the same result. Do I need to reset IPMA or Tomcat service when I make a change to the LDAPConfig.ini file?

Hi,

I had no idea what to write in this IPMA LDAPConfig.ini file. But after looking on this forum and reading some Cisco IPMA documentation and Active Directory I finally have good results :).

So, my LDAPConfig.ini, from C:\Program Files\Cisco\MA\ looks like this:

-----------------------------------------

##Directory Attirbutes####

FIRST_NAME=givenname

MIDDLE_INITIALS=middleinitial

LAST_NAME=sn

COMMON_NAME=cn

TELEPHONE_NUMBER=telephonenumber

USERID=uid

DEPARTMENT=departmentNumber

##CONNECTION DETAILS##

MAX_DIR_CONNECTION=2

INITIAL_DIR_CONNECTION=2

SEARCHSIZE=25

MAX_TIME_LIMIT=0

SEARCH_CN=false

MANAGER_DN=CN=IPMA SysUser,CN=Users,dc=company,dc=local

MANAGER_PASSWORD=

LDAP_URL=ldap://IP_Active_directory:389

SEARCH_BASE=cn=Users,dc=company,dc=local

---------------------------------------------

I think that the Directory Attributes are used only for how to show the results of the search.

About the CCM, I have CCM 4.1 which is integrated with an Active Directory server. I followed the steps from Cisco documentation.

After this integration I have installed and configured IPMA (IP Manager Assistant).

In Active Directory all the users are in the folder Users from Company.local

The Cisco CCM users (CCMAdministrator, CCMSysUser, IPMA SysUser) are also in Users.

There are 2 Domain Controllers (for this Active Directory) in Active-Active. I've used the IP of the first Domain Controller server in LDAPConfig.ini file.

After every modification of the LDAPConfig.ini file the TOMCAT service has to be restarted!!!!

I hope that this information will help somebody who's having problems configuring IPMA with Active Directory.

All the best,

Bogdan Stanciu

Network Eng.

INTRAROM S.A.

BUCHAREST, ROMANIA
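
An added example, not part of any post in this thread and not Cisco code: a small Python check for an LDAPConfig.ini that parses the four connection parameters discussed above and flags problems visible in the posted files (leftover "<- Edit it" annotations, malformed DNs, a clear-text bind password, plain ldap://, Administrator as the bind account). The function names are hypothetical, and it assumes IPMA performs an LDAP simple bind with MANAGER_DN and MANAGER_PASSWORD.

```python
from urllib.parse import urlparse

REQUIRED = ("MANAGER_DN", "MANAGER_PASSWORD", "LDAP_URL", "SEARCH_BASE")

def parse_ini(text):
    """Return {KEY: value}; blank lines and '##' section markers are skipped."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)  # DNs contain '=', so split only once
        cfg[key.strip()] = value.strip()
    return cfg

def looks_like_dn(value):
    """Loose check: each comma-separated part is attr=value (no escaped commas)."""
    parts = [p.strip() for p in value.split(",")]
    return all("=" in p and all(s.strip() for s in p.split("=", 1)) for p in parts)

def audit(text):
    cfg, findings = parse_ini(text), []
    for key in REQUIRED:
        if not cfg.get(key):
            findings.append(f"{key}: missing or empty")
    for key, value in cfg.items():
        if "<-" in value:  # e.g. "<- Edit it" pasted along with the template
            findings.append(f"{key}: forum annotation left in value")
    for key in ("MANAGER_DN", "SEARCH_BASE"):
        value = cfg.get(key, "").split("<-")[0].strip()
        if value and not looks_like_dn(value):
            findings.append(f"{key}: not a well-formed DN")
    url = urlparse(cfg.get("LDAP_URL", "").split("<-")[0].strip())
    if url.scheme == "ldap":  # assumption: IPMA does a simple bind
        findings.append("LDAP_URL: ldap:// sends a simple-bind password unencrypted")
    if cfg.get("MANAGER_DN", "").lower().startswith("cn=administrator"):
        findings.append("MANAGER_DN: domain Administrator used as bind account")
    if cfg.get("MANAGER_PASSWORD"):
        findings.append("MANAGER_PASSWORD: stored in clear text; restrict file ACLs")
    return findings

# Connection lines as posted in the thread's template, annotations included.
SAMPLE = """\
##CONNECTION DETAILS##
MANAGER_DN=cn=Administrator, cn=Users, dc=u2,dc=com <- Edit it
MANAGER_PASSWORD=X
LDAP_URL=ldap://1.1.1.1:389 <- Edit it
SEARCH_BASE=cn=Users,dc=u2,dc=com <- Edit it
"""
print("\n".join(audit(SAMPLE)))
```

Run against a copy of the real file, a dedicated low-privilege bind account (as in the later posts) clears the Administrator finding; the clear-text password finding remains for any non-empty MANAGER_PASSWORD, since the file stores it unencrypted.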