Re: Cisco Jabber 11.8 - Directory - OpenLDAP - Unable to resolve contacts (unable to change ANR to C...

Filipe Tavares · ‎12-13-2016

Hi Guys,

Just installed Cisco Jabber 11.8 and updated the jabber-config to reflect the recent changes on directory integration (EDI/BDI to CDI), but since the upgrade I'm unable to resolve contacts.

Data:

Directory Type: OpenLDAP

Bind: Bind successful with specific credential (both on jabber-config and service profile)

As we are searching an openldap server, we're setting the jabber-config parameter "PredictiveSearchFilter" to CN, because ANR (Ambiguous Name Resolution) is an Active Directory Feature, not supported by openldap;

We're also setting the "Predictive Search Filter (Only used for Advance Directory)" on the Service Profile to CN, but all the searches are being made with ANR.

jabber-config - directory parameters:

<PresenceDomain>domain.com</PresenceDomain>

<PrimaryServerName>server.domain.com</PrimaryServerName>

<ConnectionUsername>uid=user,ou=Accounts,o=domain.com</ConnectionUsername>

<SearchBase1>ou=Search,o=domain.com</SearchBase1>

<PhotoSource>jpegPhoto</PhotoSource>

<BusinessPhone>privExtensionPhone</BusinessPhone>

<HomePhone>telephoneNumber</HomePhone>

<OtherPhone>homePhone</OtherPhone>

<PredictiveSearchFilter>cn</PredictiveSearchFilter>

</Directory>

Search filter captured on Wireshark:

(&(objectClass=person)(ANR=andre*))

This settings on 11.7 are working as expected. Does anyone encounter this issue?

Thanks,

Regards

reseaux.pri · ‎01-09-2017

Hi,

I can confirm the exact same behaviour here, all requests are made using the ANR and is ignoring the predicitvesearchfilter value

I was also not able to bind to my openldap using anonymous. (The new parameter UseAnonymousBinding seems to be ignored). I have to user credentials instead !

Regards,

Marc Zanuttini

Curtis.Becker93 · ‎01-09-2017

Hello,

I can also confirm that we are encountering this as well. Reverting back to 11.7 was the only way to solve our issue.

Lookups to AD 2012 forest are failing.

Thank you!

Vincent PRADELL · ‎01-10-2017

Hello,

I have the same issue here.

To resolve it, I have to change OpenLDAP configuration and add this :

# filter: (&(objectClass=inetOrgPerson)(|(?ANR=curie*)))

# I get the "curie*" string and construct new filter with it to perform search with attribute cn, sn, givenName and o.

# I have some issue to configure regex with '(' ')' match so I construct new filter from scratch.

overlay rwm
rwm-rewriteEngine on
rwm-rewriteContext searchFilter
rwm-rewriteRule "^(.*)?ANR=([^)]*)" "(&(objectClass=inetOrgPerson)(|(|(|(cn=$2)(sn=$2))(givenName=$2))(o=$2)))"

####

In jabber configuration file, I have defined the basefilter, which is used to rewrite the filter.

<BaseFilter>(&(objectClass=inetOrgPerson)</BaseFilter>

But some fields are not displayed anymore on jabber client (like displayName, company) even if I force the mapping in jabber configuration file.

Maybe it's related with the UserAccountName used ("cn").

Regards,

Vincent PRADELL

Vincent PRADELL · ‎01-11-2017

Hi,

I have remapped all fields needed in jabber configuration, and now everything is fine with this configuration.

Regards,

Vincent PRADELL

aoster · ‎01-17-2017

Dear Vincent,

I am currently facing the same issue with Jabber always using ANR and would like to try your solution with rewriting but unfortunately I do not know how to implement this with our OpenLdap. Our LDAP server is configured to use OLC and I have no clue how to configure your proposed rewrite rules with it.

Can you help me with this ?

Thank you.

best regards

Andreas

aoster · ‎01-18-2017

Hello Vincent,

managed to implement it as follows:

Create new LDIF to activate rwm module

rwm_moduleAdd.ldif:

dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: rwm

Add to LDAP config:

ldapmodify -D "cn=admin,cn=config" -x -W -f rwm_moduleAdd.ldif

Create new LDIF for rewrite configuration:

rwm_searchRewrite.ldif:

dn: olcOverlay={0}rwm,olcDatabase={1}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcRwmConfig
olcOverlay: {0}rwm
olcRwmRewrite: {0}rwm-rewriteEngine "on"
olcRwmRewrite: {1}rwm-rewriteContext "searchFilter"
olcRwmRewrite: {2}rwm-rewriteRule "^(.*)?ANR=([^)]*)" "(&(objectClass=inetOrgPerson)(|(|(|(cn=$2)(sn=$2))(givenName=$2))(o=$2)))"
olcRwmTFSupport: false
olcRwmNormalizeMapped: FALSE

Add to LDAP config:

ldapadd -D "cn=admin,cn=config" -x -W -f rwm_searchRewrite.ldif

Comment: !! olcDatabase={1}hdb might need to be changed for other environments !!

Hope this is correct :-)

best regards

Andreas

at · ‎05-31-2017

Hi,

which Version of Cisco Jabber for Windows do you use ?

We run with J4W 11.8.3 and we have no issue with contact search (Directory Source : OpenLdap)

example:

contact search "niep"...

2017-05-31 16:00:20,458 DEBUG [0x00000330] [rc\main\person-ldap\LdapSearcher.cpp(53)] [csf.person.ldap] [csf::person::ldap::LdapSearcher::search] - filter = (&(objectClass=inetOrgPerson)(|(sn=niep*))), baseDN=o=xxxxxxxx,c=xxxxxxxx

regards

Alex

A_ · ‎09-12-2017

It may be too late, but since Cisco Jabber 11.8 it is mandatory that you add <UseANR>false</UseANR>.

Before it worked without it. After the update to Cisco Jabber 11.8 you have to add this parameter into jabber-config.xml.

Cisco Jabber 11.8 - Directory - OpenLDAP - Unable to resolve contacts (unable to change ANR to CN)