10-18-2006 02:07 PM - edited 03-13-2019 03:25 PM
Has anyone configured the directory in IPMA using Active Directory? I am struggling with the configuration for the LDAPConfig.ini file and the proper syntax needed. Please help if you can.
10-18-2006 02:26 PM
This is a good doc on ldapconfig.ini
http://www.cisco.com/en/US/partner/products/sw/voicesw/ps556/products_tech_note09186a00801829e9.shtml
What you basically need to do is fill in these parameters
MANAGER_DN=
MANAGER_PASSWORD=
LDAP_URL=
SEARCH_BASE=
The above information can be found if you go to your CCM and you go to regedit, HKLM,SW,CiscoSystems,Inc,Directory Configuration.
Also if you have changed to AD it is normal that your IPMA does not work anymore. The config in DCD is not transferred to AD. You will need to redo the user configuration for IPMA.
10-18-2006 04:53 PM
Thanks, that helped. When I entered in the correct information, I am now getting the error "Directory Connection Error", instead of "Directory Configuration Error." Am I missing something else? The problem I have is that everything else works with AD. Attendant Console, Directory on our IP phones, user lookup from CCM. Please help if possible.
10-18-2006 04:56 PM
Also, I am not familiar with the ex. (o=Cisco)
Why is it o= when I do not have anything similar to that in my AD integration?
10-18-2006 05:35 PM
The format of the LDAPConfig.ini file that works with AD is:
##Directory Attirbutes####
FIRST_NAME=givenName
LAST_NAME=sn
COMMON_NAME=cn
TELEPHONE_NUMBER=telephoneNumber
USERID=sAMAccountName
DEPARTMENT=department
##CONNECTION DETAILS##
MAX_DIR_CONNECTION=2
INITIAL_DIR_CONNECTION=2
SEARCHSIZE=50
MAX_TIME_LIMIT=0
SEARCH_CN=true
MANAGER_DN=cn=Administrator, cn=Users, dc=u2,dc=com <- Edit it
MANAGER_PASSWORD=X
LDAP_URL=ldap://1.1.1.1:389 <- Edit it
SEARCH_BASE=cn=Users,dc=u2,dc=com <- Edit it
If you do a search in your CCM server for
DirectoryConfiguration.ini you can get the info from there.
Mine is as follows:
[ldap]
ldapURL=ldap://1.1.1.1:389
dn=cn=Administrator, cn=Users, dc=u2,dc=com
passwd=0c001a0c <--Password is encrypted
ciscoBase=ou=Cisco, dc=u2,dc=com
dirType=ADS
dirAccess=true
ldapsURL=ldap://
useSSL=false
Let me know
10-19-2006 06:04 AM
Here is my information for each file. Also, do I need to restart Tomcat or IPMA service for the change to the LDAPConfig.ini to take effect? I am still getting the Directory Connection Error when trying to access the directory. Maybe you could post an example that I can try with the following information below.
Here is the LDAPConfig.ini file.
##Directory Attirbutes####
FIRST_NAME=givenname
MIDDLE_INITIALS=middleinitial
LAST_NAME=sn
COMMON_NAME=cn
TELEPHONE_NUMBER=telephonenumber
USERID=uid
DEPARTMENT=departmentNumber
##CONNECTION DETAILS##
MAX_DIR_CONNECTION=2
INITIAL_DIR_CONNECTION=2
SEARCHSIZE=50
MAX_TIME_LIMIT=0
SEARCH_CN=true
MANAGER_DN=cn=SvcCisco,ou=Service Accounts,ou=UsersOU,dc=swagelok,dc=com
MANAGER_PASSWORD=mypassword <- not the password
LDAP_URL=ldap://ciscoad.swagelok.com:389
SEARCH_BASE=ou=Cisco, dc=swagelok,dc=com
Here is the DirectoryConfiguration.ini file.
[ldap]
ldapURL=ldap://ciscoad.swagelok.com:389
dn=cn=SVCCisco, ou=Service Accounts, ou=UsersOU, dc=swagelok, dc=com
passwd=encrypted password
ciscoBase=ou=Cisco, dc=swagelok,dc=com
dirType=ADS
dirAccess=false
ldapsURL=ldap://
useSSL=false
10-19-2006 07:51 AM
##Directory Attirbutes####
FIRST_NAME=givenname
LAST_NAME=sn
COMMON_NAME=cn
TELEPHONE_NUMBER=telephonenumber
USERID=sAMAccountName
DEPARTMENT=department
##CONNECTION DETAILS##
MAX_DIR_CONNECTION=2
INITIAL_DIR_CONNECTION=2
SEARCHSIZE=50
MAX_TIME_LIMIT=0
SEARCH_CN=true
MANAGER_DN=cn=SvcCisco,ou=Service Accounts,ou=UsersOU,dc=swagelok,dc=com
MANAGER_PASSWORD=mypassword <- not the password
LDAP_URL=ldap://ciscoad.swagelok.com:389 <-- Change it to IP address
SEARCH_BASE=cn=Users, dc=swagelok,dc=com
10-19-2006 08:50 AM
Thanks for the reply. I tried the following and still received the Directory Connection Error. Few things to note:
ciscoad.swagelok.com is a reverse lookup of two AD servers. It is not actually a server. I have tried to insert the IP address of one of the AD servers, and still had the same result. Do I need to reset IPMA or Tomcat service when I make a change to the LDAPConfig.ini file?
02-12-2007 02:25 AM
Hi,
I had no idea what to write in this IPMA LDAPConfig.ini file. But after looking on this forum and reading some Cisco IPMA documentation and Active Directory I finally have good results :).
So, my LDAPConfig.ini, from C:\Program Files\Cisco\MA\ looks like this:
-----------------------------------------
##Directory Attirbutes####
FIRST_NAME=givenname
MIDDLE_INITIALS=middleinitial
LAST_NAME=sn
COMMON_NAME=cn
TELEPHONE_NUMBER=telephonenumber
USERID=uid
DEPARTMENT=departmentNumber
##CONNECTION DETAILS##
MAX_DIR_CONNECTION=2
INITIAL_DIR_CONNECTION=2
SEARCHSIZE=25
MAX_TIME_LIMIT=0
SEARCH_CN=false
MANAGER_DN=CN=IPMA SysUser,CN=Users,dc=company,dc=local
MANAGER_PASSWORD=
LDAP_URL=ldap://IP_Active_directory:389
SEARCH_BASE=cn=Users,dc=company,dc=local
---------------------------------------------
I think that the Directory Attributes are used only for how to show the results of the search.
About the CCM, I have CCM 4.1 which is integrated with an Active Directory server. I followed the steps from cisco documentation.
After this integration I have installed and configured IPMA (IP Manager Assistant).
In Active Directory all the users are in the folder Users from Company.local
The cisco CCM users (CCMAdministrator, CCMSysUser, IPMA SysUser) are also in Users.
There are 2 Domain Controllers (for this Active Directory) in Active-Active. I've used the IP of the first Domain Controller server in LDAPConfig.ini file.
After every modification of the LDAPConfig.ini file the TOMCAT service has to be restarted!!!!
I hope that this information will help somebody who's having problems configuring IPMA with Active Directory.
All the best,
Bogdan Stanciu
Network Eng.
INTRAROM S.A.
BUCHAREST, ROMANIA
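An added example, not part of any post in this thread and not Cisco code: a small Python check for the four connection parameters of LDAPConfig.ini discussed above. It assumes simple Active Directory style DNs without escaped commas; the function names and the sample text are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

REQUIRED = ("MANAGER_DN", "MANAGER_PASSWORD", "LDAP_URL", "SEARCH_BASE")
# One RDN such as "cn=Users" or "ou=Service Accounts" (escaped commas not handled).
RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^=,]+$")

def parse_ini(text):
    """Collect KEY=VALUE lines; '#' comments and [section] headers are skipped."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "[")) and "=" in line:
            key, value = line.split("=", 1)  # DNs contain '=', so split once only
            cfg[key.strip()] = value.strip()
    return cfg

def is_ad_dn(value):
    """True for comma-separated attr=value parts that include at least one dc=."""
    parts = [p.strip() for p in value.split(",")]
    return all(RDN.match(p) for p in parts) and any(p.lower().startswith("dc=") for p in parts)

def audit(text):
    cfg, findings = parse_ini(text), []
    for key in REQUIRED:
        value = cfg.get(key, "")
        if not value:
            findings.append(f"{key}: missing or empty")
        elif "<-" in value:
            findings.append(f"{key}: annotation text left inside the value")
        elif key in ("MANAGER_DN", "SEARCH_BASE") and not is_ad_dn(value):
            findings.append(f"{key}: not an Active Directory style DN")
    if urlsplit(cfg.get("LDAP_URL", "")).scheme.lower() == "ldap":
        findings.append("LDAP_URL: ldap:// is unencrypted, a simple bind exposes MANAGER_PASSWORD")
    if cfg.get("MANAGER_DN", "").lower().startswith("cn=administrator,"):
        findings.append("MANAGER_DN: binds as Administrator, use a dedicated low-privilege account")
    return findings

# Constructed sample: the format quoted in the thread with its "<-" notes left in.
AS_POSTED = """\
MANAGER_DN=cn=Administrator, cn=Users, dc=u2,dc=com <- Edit it
MANAGER_PASSWORD=X
LDAP_URL=ldap://1.1.1.1:389 <- Edit it
SEARCH_BASE=cn=Users,dc=u2,dc=com <- Edit it
"""

if __name__ == "__main__":
    for finding in audit(AS_POSTED):
        print(finding)
```

Because MANAGER_PASSWORD sits in the file in clear text, the check is best paired with a review of who can read the directory that holds LDAPConfig.ini.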