cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2922
Views
0
Helpful
5
Replies

CUIMP / CUCM 11.x - Jabber client not authenticating using LDAP / Active directory

Glenn R
Level 1
Level 1

Hi, 

Hopefully someone can help here. I have CUCM 10.5 installed and configured with IMP 10.5 and for a softphone we are using Jabber 11.0 with the exact versions here

 

CUCM - 10.5.2.10000-5

CUIMP- 10.5.2.20000-1

Jabber - 11.0.0 Build 65527

 

CUCM is configured for with LDAP enabled for user synchronization and user authentication. We have tested the authentication by authenticating to the self help portal using a LDAP/AD user which is working with no issues. So the LDAP configuration is working but when we come to authenticate a Jabber client with a LDAP/AD user it fails saying the "username or password is not correct" which cannot be as we are using the same user credentials as we used for the self help portal.

I will add that when using a local CUCM user for Jabber works and I am able to successfully authenticate and use the client. 

My understanding is that IMP will authenticate the user back to CUCM and then CUCM will proxy the details to LDAP/AD so this should work. I mention my understanding of how this should work because all the UC servers are located in a DC that is firewalled off. We have a lot of ports opened as indicated by the testing we have already done but are not struggling with the LDAP authentication of Jabber. 

Please respond with any suggestions or more information that would be required

 

 

 

 

 

 

5 Replies 5

Hi Glenn,

Please cross check on below restrictions on having special charaters and space for jabber login:

http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/jabber/Windows/11_0/RN/JABW_BK_C5E7828C_00_cisco-jabber-windows-11-release-notes.html#JABW_RF_LB23C72B_00

If the above is not a problem then please collect jabber problem report and IMP XCP authentication and Tomcat security logs. Those will help to you identify if there is any other reason for authentication failure.

Regards

Hi,

 

There should be no issues with the username as they are all first initial and surname i.e. jsmith. I will work through the log files today thank you for assisting in identifying where I could find the reason for authentication failure 

Hi,

 

I managed to work this out. For LDAP/AD authentication according to Cisco documentation the IMP servers are supposed to proxy authentication requests to the CUCM servers and they handle the authentication with the LDAP/AD servers. This is not the case and I had to open AD GC ports to our AD servers in the DC so that the IMP servers can authenticate the users directly.

 

All working now and thank you all for the help   

Ankoor Bek
Cisco Employee
Cisco Employee

Hi Glenn,

Please try and login to IMP_IP_address/cupsuer with the LDAP imported enduser's credentials.

Also, what type of login method is selected in Jabber client? Is it automatic?

In case of automatic, please manually select the IMP server option by going to Jabber client>>Advanced settings.

Try these and let us know the test results.

Regards,

Ankoor

 

Hi Ankoor,

 

I have tried to login to the cupuser web portal with LDAP /AD credentials but it failed. We have also tried the client with auto-discovery and manual settings with both failing on the LDAP login. Local users are working with no issues it is only the LDAP users.

 

Also as mentioned the LDAP users can authenticate to CUCM using the self care portal.  

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: