Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

CUCiMOC LDAP and CUCM Credentials Mismatch

Hi,

Yet another CUCiMOC dicussion

OK so we have CUCM integrated with AD, but not using AD authentication.  All CUCM user IDs are tied to the telephoneNumber field in AD.  We've got the basics of OCS and MOC working.  Now we're trying to integrate CUCiMOC into our setup.

I've set all the CUCiMOC registry entries for AD/LDAP/Attribute names etc.  Extension numbers aren't appearing in MOC but that's another problem.

I can only log into the conversation pane in CUCiMOC using the user id/PIN of CUCM.  When I do, it logs in ok, I get phone control functionality but I continue to get the LDAP Server disconnnected message.  I ran wireshark to see what was happenning and I'm getting LDAP authentication errors to my DC.  Of course I am - it's trying to use the CUCM user id and PIN to authenticate to AD.  I changed the LDAP attributes to use the telephoneNumber field as the login but the PIN in CUCM will never be the same as the password in AD so it continues to fail

So what do you do here - does it need to authenticate to both CUCM and AD correctly??  I don't see how this will ever be possible.

Maybe someone can explain if they've come across this??


Thanks,

Neil

8 REPLIES
Red

Re: CUCiMOC LDAP and CUCM Credentials Mismatch

Take a look at http://www.cisco.com/en/US/docs/voice_ip_comm/cucimoc/8_0/english/installguide/config_clients.html#wp1074207.

The one you're interested in was "ContactService_UseCredentialsFrom".

Michael

http://htluo.blogspot.com

New Member

Re: CUCiMOC LDAP and CUCM Credentials Mismatch

Hi Michael - sorry for the delay in coming back to you.

Thanks for the response, however I'm a little confused with these settings.

When I log onto the MOC client, I use my AD domain username/password.  When I log onto CUCiMOC, I need to use my CUCM usernsme (extn number) and CUCM PIN.  It logs me in fine but it's the CUCiMOC alerts where I get the LDAP authentication error.  When I go into the CICiMOC settings, I can set an "account" username/password which I set to my AD domain username/password and the LDAP error goes away.

I dont' see where to specify this in the settings you pointed me to.

Can you give me some pointers?

Thank in advance,


Neil

Red

Re: CUCiMOC LDAP and CUCM Credentials Mismatch

If your CUCM is integrated with LDAP (Active Directory), you could save some additional credentials (because they use the same credential).

If your CUCM is NOT integrated with LDAP, you'll have to specify LDAP credentials (which you did).

There's no way for CUCIMOC to know that before hand.  Thus you need to tell it with registry settings, which is described in the documentation.

Michael

http://htluo.blogspot.com

New Member

Re: CUCiMOC LDAP and CUCM Credentials Mismatch

Hi Michael,

OK I think I have a handle on it now.

I was logging into CUCiMOC with my CUCM user and my CUCM PIN.  For some reason it was allowing me to log in with this.  But what I hadn't realised was that the CUCM was AD integrated so I tried logging in with my CUCM user and AD password and up came the CTI control.

Once I sent the synchronise creds options to "No Sync", and once i manually set the LDAP creds in CUCiMOC options to use my AD user/password, it keeps it there when i log off/on again.

thanks for the great advise,

Neil

Cisco Employee

Re: CUCiMOC LDAP and CUCM Credentials Mismatch

No Sir, When CUPC logins in we do a bind request each time. So we do not store paswword localy,

when login atatempt occurs we send bind request to the AD and check PWD there

New Member

Re: CUCiMOC LDAP and CUCM Credentials Mismatch

Hi,

If the end user changes their ldap password, will they need to go to the LDAP settings on CUCIMoC and change their password each time?

New Member

Re: CUCiMOC LDAP and CUCM Credentials Mismatch

Hi

I have another question related to this.

If the CUCM is not integrated with AD, but we specify LDAP authentication in the registry for CUCIMOC, will softphone and call control work?

The usernames will be the same, but the passwords will be different. CUCIMOC will authenticate the user via LDAP with AD and that'll work, but how does CUCIMOC client then speak to Call Manager?

Or does this require the user entering their call manager userid and pin manually?

Thanks

New Member

Re: CUCiMOC LDAP and CUCM Credentials Mismatch

"If  the end user changes their ldap password, will they need to go to the  LDAP settings on CUCIMoC and change their password each time?"

Is there any solution?  Any idea's, has anyone experienced the same.

Thanks

1575
Views
10
Helpful
8
Replies