Callmanager LDAP Authentication when PUB is down

miket
Level 5

I am trying to understand whether, if I am using LDAP sync with authentication and the PUB goes down, I can still authenticate. It looks like a request uses IMS, but the SRND is not really clear on what happens when the PUB goes down. I did have a case where I lost the PUB and an application that runs on phones that authenticates to LDAP failed, and when the PUB was back all was okay. I am not sure if the application was the issue or the PUB.

Hope that makes sense. I am running CUCM 11.

Aseem Anand
Cisco Employee

Hi,

LDAP authentication will continue to work, as each node in the cluster has the LDAP configuration info in its DB because the tables get synced. If the user or the application server is contacting the SUB, which is up, there will not be any issue even though the PUB is down.

Aseem

Thanks for the quick answer. So what I gathered is LDAP is sync'd to the IMS library (a simple interpretation), which I assume is all servers. Sorry, I guess I am just stating what you just said.

The SRND is a little confusing, and since my users couldn't authenticate until the PUB came back, it made me question what I thought to be true.

Now I have to find the problem

Thanks for quick answer

Hi,

You are most welcome! Please rate if you find it useful. Coming to the discussion, you understood it correctly. All servers have the ldap. From the application point, you need to make sure it tries to connect to the SUB as well for LDAP authentication and should not rely on the PUB only. You can run the below command on SUB to check as well:

admin:run sql select * from ldapauthentication
pkid                                 ldapdn                     ldappassword                                                     userbase                    authenticatewithcorpdir
==================================== ========================== ================================================================ =========================== =======================
a8d94ff0-4627-eecc-0d8d-e2ee69123b32 Administrator@ciscohcs.com 4984425fc4f23dc65738f3b409057008a3005f4741e7197d8882e864933a3ab7 cn=users,dc=ciscohcs,dc=com t

Aseem
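
The advice above (have the application try the SUB as well, not only the PUB) sketched as an added example; it is not code from the thread or from Cisco. The node names, the `try_node` callable and the demo credentials are hypothetical stand-ins for however the application actually submits credentials to a node.

```python
class NodeUnavailable(Exception):
    """Raised by the backend when a node cannot be reached or times out."""


def authenticate_with_failover(nodes, username, password, try_node):
    """Ask each node in order until one gives a definite answer.

    try_node(node, username, password) is a hypothetical callable: it returns
    True/False for accepted/rejected credentials and raises NodeUnavailable
    (or OSError) when the node is down.
    Returns (accepted, answering_node, skipped_nodes).
    """
    skipped = []
    for node in nodes:
        try:
            accepted = try_node(node, username, password)
        except (NodeUnavailable, OSError) as exc:
            # Transport failure only: record it and move to the next node.
            skipped.append((node, str(exc)))
            continue
        # A definite accept or reject ends the loop, so a rejected
        # password is submitted once and not replayed to the other nodes.
        return bool(accepted), node, skipped
    # No node answered: fail closed and let the caller log `skipped`.
    return False, None, skipped


# Constructed node list for the demo: PUB first, then two SUBs.
NODES = ["cucm-pub.example.test", "cucm-sub1.example.test",
         "cucm-sub2.example.test"]


def make_demo_backend(down):
    """Constructed fake backend: nodes in `down` are unreachable."""
    calls = []

    def try_node(node, username, password):
        calls.append(node)
        if node in down:
            raise NodeUnavailable(f"{node}: connection timed out")
        return (username, password) == ("jdoe", "demo-password")

    return try_node, calls


if __name__ == "__main__":
    backend, _ = make_demo_backend(down={NODES[0]})
    print(authenticate_with_failover(NODES, "jdoe", "demo-password", backend))
```

Logging the `skipped` list separates "PUB unreachable, SUB answered" from a real credential rejection, which is the distinction the original poster could not make after the outage.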

Thanks for the quick and detailed response. I am glad I am not losing my mind. So now the hard part: kicking it back to the vendor to try and work with us to sort this out.

Thanks again have a good night