05-11-2016 05:00 PM - edited 03-17-2019 06:06 PM
Hello,
I have Jabber working on our iPhones, but the directory search is not working. If I configure the jaber-config.xml to define our AD server IP, search base, BDIConnectionUsername and BDIConnectionPassword it works. but I do not like the fact that the username and password are in clear text.
Is there a way to configure this that should work without defining the credentials in the jabber-config file?
The sanitized version of my jabber-config entries that get the directory working are:
<?xml version="1.0" encoding="utf-8"?>
<config version="1.0">
<Directory>
<BDIPrimaryServerName>LDAP Server IP</BDIPrimaryServerName>
<BDIPresenceDomain>Presence Domain (different then AD domain)</BDIPresenceDomain>
<BDIServerPort1>389</BDIServerPort1>
<BDISearchBase1>OU=People,DC=mydomain,DC=com</BDISearchBase1>
<BDIConnectionUsername>username@mydomain.com</BDIConnectionUsername>
<BDIConnectionPassword>Password</BDIConnectionPassword>
</Directory>
</config>
I tried setting the LDAP credentials and such on my "Cisco Dual Mode for iPhone" device in CUCM, but that did not seem to work. should it? Was I maybe just doing something wrong? Any thoughts or suggestions would be appreciated.
05-11-2016 05:25 PM
You only have two options, either you check the Use Logged On User Credential option in the service profile, assuming the credentials are valid LDAP credentials to log into LDAP, or if you do not check that option, you need to define the username/pwd in the .xml file
You can create a special user with read only permissions for this.
05-11-2016 07:16 PM
Thanks for the quick response Jaime.
I did try the use Logged On User Credential option, but that is not working for me. The credentials I am logging into Jabber with are valid AD credentials, but I am missing something.
I have a directory UC service created with
Product Type: Directory
Name: Dir2
Host Name / IP Address: (AD IP Address)
Port: 389
Protocol TCP
I also have and Enhanced Directory I created to test with. same settings plus:
Connection Type: Global Catalog
User Secure Connection: checked
all others unchecked / blank
On the Service Profile assigned to my user, the Directory Profile settings as follows:
Primary: Dir2
Secondary / Tertiary: not set
Use UDS for Contact Resolution unchecked (tried both checked and unchecked)
Use Logged On User Credential: Checked
Username and Password blank
Search Base 1: ou=folder,dc=mydomain,dc=com
search base 2 and 3 blank
recursive search checked
search timeout 5 seconds
base filter and predictive search blank
still no directory on iPhone (works fine on windows client though)
I tried using the Enhanced Directory instead, same results
Do I need to reset or restart anything after setting the service profile? or just close and relaunch client?
We are using a read only account for our AD sync, but I still don't like the idea of sharing it out in clear text, I did try by using the credentials I am logging into Jabber with as the BDIConnectionUsername in the jabber-config.xml file and that worked, so the logged on credentials should work, not sure what I am missing though.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide