Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

CUCM 9 + CUPS 8.X + Jabber 9 Mac

Hi!

I am trying to deploy Jabber for Mac and Ipads (version 9), and everithing is ok, the problem is the Software Phone, always in "Disconected" state, if i use Jabber for Mac 8.X, it works.. the client register to my jabber software phone and my deskphone, by the way, only deskphone works in Jabber 9 for Mac and iPad, i revised all the configuration files in cucm and cups.. any help?

Thank You!

Everyone's tags (6)
4 REPLIES
New Member

Re: CUCM 9 + CUPS 8.X + Jabber 9 Mac

My configurations of BDI options in jabber-config.xml:

  EDI

  1

  true

  sAMAccountName

  http://img.domain.net/sAMAccountName.jpg

  BDI

  AD

  ad01.domain.net

  3268

  admuser@domain.net

  password

  DC=domain,DC=net

  True

  sAMAccountName

  http://img.domain.net/sAMAccountName.jpg

  userPrincipalName (testing)

  userPrincipalName (testing)

My mail address at AD is: @fullnamedomain.net

My mail address at Jabber is: @domain.net

New Member

Re: CUCM 9 + CUPS 8.X + Jabber 9 Mac

Ok I figured out what is going on as far as SSL directory searches of AD, though there are aspects I still don't understand.  In one of the docs for Jabber v9.2.1 it says that you can't use the global catalog with a Mac.  So why the Mac client defaults to 3268 is beyond me.  But I also can't use BDIServerPort1=636 and BDIEnableTLS=1 or 0.  But I can use 389 and TLS=1 and I can see using wireshark that it is encrpting the the directory query to AD.

389

1

That works.  Apparently 389+TLS and LDAPS aren't the same thing.  The ipad document here distinguishes between "LDAP TCP 389 LDAP with optional TLS" and "Secure LDAP 636 LDAPS". Sounds similar to SFTP vs FTPS.

Ports and Protocols Used in Cisco Jabber for iPad  http://www.cisco.com/en/US/prod/collateral/voicesw/ps6789/ps6836/ps12430/deployment_guide_c22-718393.html

See here too:

http://www.openldap.org/faq/data/cache/605.html

Still, I don't know why Mac Jabber won't use port 636 in any form for me.  Only 389.  The full xml file is here:

   

        BDI

        AD

        1.1.1.1

        mycompany.com

        389

        ou=My Users,dc=ad,dc=mycompany,dc=com

        uc_query@ad.mycompany.com

        my_password

        1

        (&(objectCategory=person) (this is the default value; use your own)

   

New Member

Re: CUCM 9 + CUPS 8.X + Jabber 9 Mac

Update: I swear it was encrypting the directory search with SSL over port 389 but I can't duplicate that.  I'll work with Cisco on ldaps on 636.  But the xml file above does work for me without SSL on 389.

Also, the docs say "Cisco Jabber for Mac does not support port 3269 (Active Directory Global Catalog over LDAPS)", not Global Catalog generally.  It may not work for me over 3268 because of our AD setup.  I'm not an AD guy and another group manages that.

New Member

CUCM 9 + CUPS 8.X + Jabber 9 Mac

Ok, the problem was that BDIEnableTLS needs to be 'True' and not '1'.  So it seems StartTLS (as an extended operation) works over port 389 on the Mac Jabber client and the plain SSL method doesn't.  I see the Windows version has a 'UseSSL' parameter but the Mac one doesn't so maybe that is just the way the Mac client works at this point.


757
Views
0
Helpful
4
Replies