02-18-2019 03:35 AM
Dear All,
Would you please tell me the required certificates for secure LDAP integration between Active Directory and Call Manager?
Shall I use port 3269 or 636 for LDAP authentication?
02-18-2019 04:32 AM - edited 02-18-2019 04:33 AM
Ports 389/636 and 3268/3269 do different things on Active Directory. The latter is for Global Catalog which contains less information per-user but includes the entire AD Forest.
Most people point CUCM at the GC ports, but you need to validate that this works (i.e., that the needed attributes are replicated to it).
You need to supply the issuing CA chain to a Tomcat-trust, same as anything you want to trust. If you do not have a properly deployed AD CS instance, the DCs will use self-signed certificates only valid for a year. Technically you could upload that from the DCs you point CUCM at, but you will need to be replacing them annually and restarting Tomcat.
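An added example, not part of the replies in this thread: shell helpers that check, before anything is uploaded to Tomcat-trust, whether a DC's LDAPS certificate is self-signed or CA-issued, how long it remains valid, and whether a given CA bundle chains to it. It assumes the `openssl` CLI is installed; the hostnames, file names and sample certificates are constructed.

```shell
# Added example (not from the thread). Hostnames and file names are constructed.

# Save the leaf certificate a DC presents on 636 (LDAPS) or 3269 (GC over TLS).
# Needs network access to the DC, so the offline samples below do not use it.
fetch_dc_cert() {   # usage: fetch_dc_cert dc01.example.test 3269 > dc.pem
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -outform PEM
}

# "self-signed" when the issuer name equals the subject name, else "ca-issued".
cert_kind() {
    ck_subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    ck_iss=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    if [ "$ck_subj" = "$ck_iss" ]; then echo self-signed; else echo ca-issued; fi
}

# Succeeds if the certificate ($1) is still valid $2 days from now.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Succeeds if the CA bundle ($2) intended for Tomcat-trust chains to the
# DC certificate ($1).
chain_trusts() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Constructed samples in directory $1: a test CA, a DC certificate issued by
# it, and a self-signed DC certificate valid for one year.
make_samples() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 730 -subj "/CN=Example Test CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=dc01.example.test" \
        -keyout "$1/dc.key" -out "$1/dc.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/dc.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 365 -out "$1/dc-issued.pem" 2>/dev/null &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=dc02.example.test" \
        -keyout "$1/dc2.key" -out "$1/dc-selfsigned.pem" 2>/dev/null
}
```

Run `make_samples "$(mktemp -d)"` to try the checks offline, or point them at a file saved with `fetch_dc_cert`.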
02-18-2019 09:39 PM
Many thanks for your reply.
I used port 3269, as I was informed it will make the directory search faster.
I also uploaded the CA and CA issuing certificates, and everything is fine except voice services in Jabber for Windows.
Is the DC certificate (domain controller machine) still required?
02-18-2019 09:48 PM
Also, we have only a single domain in the forest, so does using port 3269 instead of 636 make any difference?