
IPCCX 4.05 and/or Call Mgr 4.13 multiple LDAP servers for redundancy

swharvey
Level 3

We are running IPCCX 4.05 in High Availability (active/standby) and Call Manager 4.13 Pub/Sub. In this setup, we use LDAP for AD authentication instead of DC directory (not my choice... things you inherit in life).

Can the Call Mgr's and/or the IPCCX servers be setup to point to more than one LDAP server for redundancy?

Can CM 4.13 and/or IPCCX 4.05 support LDAPS (like I said, the things you inherit)?

Our sysadmin team took down our primary DC server, and with it all LDAP lookup functions broke. Needless to say, they will be setting up LDAP and/or LDAPS on our Primary and Backup DCs in the near future.

Any information/suggestions/recommendations are appreciated.

Thanks,

-Scott

Accepted Solutions

Gergely Szabo
VIP Alumni

Hello,

that IS possible.

If the CRS web admin interface (/appadmin) is available:

1. Log in

2. Navigate to System>LDAP information

3. Enter the FQDN's/IP addresses (I recommend the latter) for the LDAP servers, separated by commas (for instance, I have something like in our lab: 'ldapserver.domain.as,10.1.1.1' - works like charm)

4. A window will pop up asking whether the LDAP information should be created or you just want to add another LDAP server (~configuration already there). Choose wisely :-)

5. Reboot the server. No, restarting the CRS engine is not enough.

If the CRS web admin interface is not available (~ like you said Mr. Sysadmin took down the primary DC server), then there is a chance to get rid of that guy ;-) Anyway, there is still a chance you can get it working. Of course, the LDAP server should already contain the correct configuration.

1. Log into the CRS server using rdesktop/VNC

2. Look for this file: C:\Program Files\wfavvid\properties\directory.properties
It is just a plain text file. Look for this: CCNIniFile=c:\\winnt\\system32\\ccn\\ccndir.ini

Actually, it may be something else as well, this is the default path.

3. That file contains the information we are looking for: LDAPURL "ldap://10.1.1.1:389,ldap://10.1.1.2:389" plus other important stuff like passwords and base DN's.

Change it according to your needs. :-)

4. Reboot the server.

Good luck.

G.
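
A check for the LDAPURL line described in step 3 of the answer above, as an added example that is not part of the original post or of Cisco's tooling: it parses the comma-separated server list and reports a missing second server or plain ldap:// entries. The line layout is assumed from the quote in the answer, and the sample text is constructed.

```python
import re
from urllib.parse import urlsplit

# Constructed sample modelled on the LDAPURL line quoted in the answer;
# it is not a real ccndir.ini.
SAMPLE_INI = '''\
; constructed sample
LDAPURL "ldap://10.1.1.1:389,ldap://10.1.1.2:389"
'''

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}
# Assumed layout: key, whitespace, quoted value (an optional "=" is tolerated).
LDAPURL_RE = re.compile(r'^\s*LDAPURL\s*=?\s*"?([^"\r\n]*)"?\s*$', re.M | re.I)


def parse_ldap_urls(ini_text):
    """Return [(scheme, host, port)] from the LDAPURL line; raise on bad entries."""
    match = LDAPURL_RE.search(ini_text)
    if not match:
        raise ValueError("no LDAPURL line found")
    servers = []
    for raw in (part.strip() for part in match.group(1).split(",")):
        if not raw:
            continue  # tolerate a trailing comma
        url = urlsplit(raw)
        scheme = url.scheme.lower()
        if scheme not in DEFAULT_PORTS or not url.hostname:
            raise ValueError(f"not an ldap:// or ldaps:// URL: {raw!r}")
        # url.port raises ValueError itself if the port is not a valid number
        servers.append((scheme, url.hostname, url.port or DEFAULT_PORTS[scheme]))
    return servers


def review(servers):
    """Return findings about redundancy and transport for the parsed list."""
    findings = []
    unique = {(host.lower(), port) for _, host, port in servers}
    if len(unique) < 2:
        findings.append("single LDAP server: no redundancy")
    if len(unique) < len(servers):
        findings.append("duplicate server entry")
    for scheme, host, port in servers:
        if scheme == "ldap":
            findings.append(f"{host}:{port} uses ldap:// (not LDAPS)")
    return findings


if __name__ == "__main__":
    for finding in review(parse_ldap_urls(SAMPLE_INI)):
        print(finding)
```

Since the answer notes that this file also holds passwords and base DNs, read it in place on the server rather than copying it elsewhere.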


Hello,

First off, well done on the step by step documentation. They were able to get the primary DC/LDAP server online and we can access the CRS web admin. Once we get the secondary LDAP server working, I will add the IP address per your instructions.

Your piece about accessing the CRS Web admin while the LDAP is offline brings up a good point. Is there a way to configure the CRS Web Admin so that it uses a local account and not LDAP? We only require LDAP for the agents' authentication/lookup functions.

Thanks,

-Scott

Hello Scott,

I am afraid there is no way to force CRS to use a local Windows account to log into the /appadmin web interface... Actually, CRS uses LDAP as a repository ~ a good deal of configuration information and scripts are stored there. The bottom line is if you want to have a functional CRS installation, you want to have a functional LDAP server (either the DC Directory service on the CallManager server or Active Directory).

Have fun,

G.