Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

LDAP Error on CDR Login

I'm experiencing an issue with accessing the CDR Analysis and Reporting.

Whenever I log in, I receive an error stating "LDAP Access Error. Contact System Administrator." This began suddenly after some maintenance reboots. (No changes were made prior to the reboot.)

I am running CallManager 4.1(3) and it is integrated with Active Directory.

I checked the "CiscoAdminRepToolAdminGroupUsers" group in AD and it does include the account I have been using to access CDR. I have checked the directoryconfig.ini file and it appears to contain all of the correct information. I am not experiencing any problems using other accounts authenticated through AD (e.g. ccmadministrator).

On the advice of an older posting in this group, I removed the AD group with my CDR user in it. Once I did this, I was able to access CDR with the default admin/admin login, but I receive the same LDAP error when I go to the Admin Rights page and try to restore rights to the appropriate users.

I have added the IP and hostname of the server handling these AD requests to the hosts and lmhosts file on each of the CallManagers, and verified this using nbtstat -c and ipconfig /displaydns commands via a Command Prompt.

Any ideas? Thanks in advance.

1 ACCEPTED SOLUTION

Accepted Solutions
Green

Re: LDAP Error on CDR Login

Hi,

-Uninstall CAR

-Reboot

-Reinstall CAR

-Try to re-run AD Plugin if that doesnt help...

Verify that art.ini is populated correctly:

ie:

[ldap]

ldapURL=ldap://1.1.1.1:389

dn=cn=Administrator, cn=Users, dc=domain1,dc=cisco,dc=com

passwd=1c021e082d071d08

ciscoBase=ou=Cisco, dc=domain1,dc=cisco,dc=com

dirType=ADS

dirAccess=false

You can copy this from DirectoryConfiguration.ini under Dcdsrvr folder.

When login fails, look in the Tbl_Error_log table in the art db and check for most recent errors and gather sniffer trace from CCM using netmon in order to see LDAP traffic.

Let us know

6 REPLIES
Green

Re: LDAP Error on CDR Login

Hi,

-Uninstall CAR

-Reboot

-Reinstall CAR

-Try to re-run AD Plugin if that doesnt help...

Verify that art.ini is populated correctly:

ie:

[ldap]

ldapURL=ldap://1.1.1.1:389

dn=cn=Administrator, cn=Users, dc=domain1,dc=cisco,dc=com

passwd=1c021e082d071d08

ciscoBase=ou=Cisco, dc=domain1,dc=cisco,dc=com

dirType=ADS

dirAccess=false

You can copy this from DirectoryConfiguration.ini under Dcdsrvr folder.

When login fails, look in the Tbl_Error_log table in the art db and check for most recent errors and gather sniffer trace from CCM using netmon in order to see LDAP traffic.

Let us know

Silver

Re: LDAP Error on CDR Login

I had the same issue, just restart the DC Directory Server.

Or

http://www.ciscotaccc.com/kaidara-advisor/voice/showcase?case=K12670071

Karzazi

Green

Re: LDAP Error on CDR Login

Hi this is an AD integration , so DCD is disabled.

Community Member

Re: LDAP Error on CDR Login

I have re-run the AD plugin. We were experiencing some more widespread issues previously, especially with the 'ccmadministrator' and 'ac' accounts. I reinstalled the AD plugin across the cluster and most of those issues went away, but this came up shortly after. Would I need to reinstall CDR after reinstalling the AD plugin?

The LDAP information was not listed in the art.ini file, so I added it in as it was configured in the directoryconfiguration.ini file, then restarted the IIS, WWW, and CDR services. Same result.

I do see errors in the Error Log table you specified, of type DirUser.OperationError and com.cisco.art.general.GenARTMajorException. I also grabbed some Netmon captures and I don't see any packets going to or coming from the specified LDAP server.

Looks like my next step is to install CDR. What do you think?

Green

Re: LDAP Error on CDR Login

Hi sbraun,

Yes go ahed and reinstall it after running plugin.

Community Member

Re: LDAP Error on CDR Login

Looks like the CDR re-install did the trick. Thanks!

209
Views
5
Helpful
6
Replies
CreatePlease to create content