Secure LDAP integration with call manager

networkexpert
Level 1

Dear All,

Would you please tell me the required certificates for secure LDAP integration between Active Directory and Call Manager?

Shall I use port 3269 or 636 for LDAP authentication?

3 Replies

Jonathan Schulenberg
Hall of Fame

Ports 389/636 and 3268/3269 do different things on Active Directory. The latter is for Global Catalog which contains less information per-user but includes the entire AD Forest.

Most people point CUCM at the GC ports, but you need to validate that works (i.e. that the needed attributes are replicated to it).

You need to supply the issuing CA chain to a Tomcat-trust, same as anything you want to trust. If you do not have a properly deployed AD CS instance the DCs will use self-signed certificates only valid for a year. Technically you could upload that from the DCs you point CUCM at but you will need to be replacing them annually and restarting Tomcat.
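An added example (not part of the original thread and not Cisco or Microsoft code): a Python check that handshakes with a DC on 636 and 3269 while trusting only the CA chain intended for Tomcat-trust, then reports whether the DC certificate validates against it, whether it is self-issued, and how many days it has left. The host name and PEM file name in the usage comment are hypothetical.

```python
import socket
import ssl
import sys
from datetime import datetime, timezone

# The two TLS-wrapped LDAP ports discussed in the thread.
LDAPS_PORTS = {636: "LDAPS", 3269: "Global Catalog over TLS"}


def summarize_cert(cert, now=None):
    """Summarize a certificate dict as returned by SSLSocket.getpeercert()."""
    now = now or datetime.now(timezone.utc)
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    return {
        # Issuer equal to subject is the usual sign of a self-signed DC cert.
        "self_issued": cert["subject"] == cert["issuer"],
        "days_left": (expires - now).days,
        "dns_names": [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"],
    }


def probe(host, port, ca_file, timeout=5):
    """Handshake with the DC, trusting only the CA chain in ca_file."""
    # Passing cafile means the system trust store is NOT loaded, so the result
    # reflects only the chain you intend to upload as tomcat-trust.
    ctx = ssl.create_default_context(cafile=ca_file)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return {"port": port, "trusted": True,
                        **summarize_cert(tls.getpeercert())}
    except ssl.SSLCertVerificationError as err:
        # e.g. chain does not lead to ca_file, expired, or hostname mismatch
        return {"port": port, "trusted": False, "error": err.verify_message}
    except OSError as err:
        return {"port": port, "trusted": False, "error": str(err)}


if __name__ == "__main__":
    # Hypothetical usage: python check_ldaps.py dc01.example.com ca-chain.pem
    host, ca_file = sys.argv[1], sys.argv[2]
    for port, role in LDAPS_PORTS.items():
        print(role, probe(host, port, ca_file))
```

Run it against each DC that CUCM will be pointed at; a low `days_left` combined with `self_issued` matches the annual replacement situation described above.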

Many thanks for your reply.

I used port 3269 as I was informed it will make the directory search faster.

I also uploaded the CA and CA issuing certificates, and everything is fine except voice services in Jabber for Windows.

Is the DC certificate (domain controller machine) still required?

Also, we have only a single domain in the forest, so does using port 3269 instead of 636 make any difference?