
CCM5.1, LDAP manager account with read privilege

cjrchoi11
Level 1

I created an account in AD to set up as the LDAP manager in CCM, but login fails with that account.

-account created in AD=CCMLDAPAdmin/12345

-in '/users' context, delegate 'Read' privilege to CCMLDAPAdmin

In CCM, I set 'LDAP Manager Distinguished Name=CCMLDAPAdmin/12345' but I get the error message:

"Login Failure to Host ldap://10.1.10.11:389, Please Re-Enter LDAP Manager Distinguished Name and Password"

Please advise why login fails with the account 'CCMLDAPAdmin'.

Thanks in advance,

1 Accepted Solution

I've seen this before and the issue is that when configuring CM to work with this, you need to mention the Canonical Name (CN) and not the Login ID. In most cases, the CN is the same as the Display Name of the user. To check the Canonical Name for the user, in ADUC, select Advanced Options. Go to the User Properties and mention the Name mentioned after users "....users/XXXX XXXX".

Hope this helps

6 Replies

gogasca
Level 10

Make sure the account is not locked, try changing the CN to one that doesn't include /, and confirm the CN name.

torsten.brink
Level 1

Hello cjrchoi11,

I think you have to enter the full path into this field and not only the SamAccountName (UserID).

So here is an example of what I'm talking about:

CN=Administrator,CN=Users,DC=test,DC=enviroment,DC=com

"CN=Administrator" can be adapted to your user CCMLDAPAdmin.

"CN=Users" is the directory your account is in.

"DC=test,DC=enviroment,DC=com" is your domain; in this example it is "test.enviroment.com".

Please be careful, the entries are case-sensitive.

Good luck in advance

Best regards

Torsten

Thanks guys,

Let me describe it in detail:

1. Created an account in AD named 'CCMLDAPAdmin', copied from 'administrator'.

2. Configured in CCM:

-ldap distinguished name: cn=CCMLDAPAdmin,cn=users,dc=ucdemo,dc=com

-ldap password: ****

-ldap user search base: dc=ucdemo,dc=com

3. I'm sure the account 'CCMLDAPAdmin' is not locked and the password is correct, but I always get the 'login failed' error message.

4. It works okay if I put 'administrator'. It looks like CCM doesn't like any account other than 'administrator'.

The CCM SRND recommends using a dedicated account which has 'read' privilege for all users, but I cannot achieve that....

Thanks in advance,


Hey Mahesh,

It works with the canonical name format.... I'm not an MS (or LDAP) expert and couldn't find this info. It looks like it works for others with the user ID, but why doesn't mine? My AD server is w2k-sp4.

BR, John

Yes, the CM 5.x code looks to have been changed so that it uses the CN, which it should be using since we use the naming as cn.
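
An added example, not part of the original thread and not Cisco code: it converts the object path that ADUC shows (the canonical name referred to in the accepted answer) into the distinguished name the LDAP Manager field expects, escaping characters such as `,` and `/` that can appear in display-name-style CNs. The display name `CCM LDAP Admin`, the function names, and the rule that only well-known top-level containers such as `Users` are `CN=` while every other container is `OU=` are assumptions.

```python
# Added example: AD canonical name (ADUC "Object" tab) -> LDAP bind DN.
# Assumption: only well-known containers directly under the domain are CN=;
# every other container is treated as an OU.
CN_CONTAINERS = {"users", "computers", "builtin", "system",
                 "foreignsecurityprincipals", "managed service accounts"}


def split_canonical(path):
    """Split on '/' while honouring the backslash escape used inside names."""
    parts, cur, i = [], "", 0
    while i < len(path):
        if path[i] == "\\" and i + 1 < len(path):
            cur += path[i + 1]          # escaped character is taken literally
            i += 2
            continue
        if path[i] == "/":
            parts.append(cur)
            cur = ""
        else:
            cur += path[i]
        i += 1
    parts.append(cur)
    return parts


def escape_rdn_value(value):
    """Escape a value for a DN string: RFC 4514 specials, edge spaces, leading '#'."""
    out = []
    for idx, ch in enumerate(value):
        edge_space = ch == " " and idx in (0, len(value) - 1)
        if ch in ',+"\\<>;' or edge_space or (ch == "#" and idx == 0):
            out.append("\\")
        out.append(ch)
    return "".join(out)


def canonical_to_dn(canonical):
    parts = split_canonical(canonical)
    if len(parts) < 2 or not all(parts):
        raise ValueError("expected domain/container/.../object name")
    domain, containers, leaf = parts[0], parts[1:-1], parts[-1]
    rdns = ["CN=" + escape_rdn_value(leaf)]
    for depth in range(len(containers) - 1, -1, -1):   # innermost first
        name = containers[depth]
        attr = "CN" if depth == 0 and name.lower() in CN_CONTAINERS else "OU"
        rdns.append(attr + "=" + escape_rdn_value(name))
    rdns += ["DC=" + label for label in domain.split(".")]
    return ",".join(rdns)


if __name__ == "__main__":
    # Constructed sample: the display name is hypothetical, the domain is the thread's.
    print(canonical_to_dn("ucdemo.com/Users/CCM LDAP Admin"))
```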