09-04-2007 04:05 PM - edited 03-14-2019 11:22 PM
I created an account in AD to set up as LDAP manager in CCM, but login fails with that account.
-account created in AD=CCMLDAPAdmin/12345
-in '/users' context, delegate 'Read' privilege to CCMLDAPAdmin
In CCM, I set 'LDAP Manager Distinguished Name=CCMLDAPAdmin/12345' but I get the error message,
"Login Failure to Host ldap://10.1.10.11:389, Please Re-Enter LDAP Manager Distinguished Name and Password"
Please advise why login failure with the account 'CCMLDAPAdmin'
Thanks in advance,
09-04-2007 08:05 PM
Make sure the account is not locked, and try to change the CN to another one that doesn't include /, and confirm the CN name.
09-04-2007 11:13 PM
Hello cjrchoi11,
I think you have to enter the full path into this field and not only the SamAccountName (UserID).
So here is an example of what I'm talking about:
CN=Administrator,CN=Users,DC=test,DC=enviroment,DC=com
"CN=Administrator" can be adapted to your user CCMLDAPAdmin.
"CN=Users" is the directory your account is in.
"DC=test,DC=enviroment,DC=com" is your domain; in this example it is "test.enviroment.com".
Please be careful, the entries are case-sensitive.
Good luck in advance
Best regards
Torsten
09-05-2007 01:30 AM
Thanks guys,
Let me describe in detail:
1. Created an account in AD named 'CCMLDAPAdmin', copied from 'administrator'.
2. Configured in CCM:
-ldap distinguished name: cn=CCMLDAPAdmin,cn=users,dc=ucdemo,dc=com
-ldap password: ****
-ldap user search base: dc=ucdemo,dc=com
3. I'm sure the account 'CCMLDAPAdmin' is not locked and the password is correct, but I always get the 'login failed' error message.
4. It works okay if I put 'administrator'. It looks like CCM doesn't like any account other than 'administrator'.
The CCM SRND recommends using a dedicated account which has the 'read' privilege for all users, but I cannot achieve that....
Thanks in advance,
09-05-2007 06:14 AM
I've seen this before, and the issue is that when configuring CM to work with this, you need to mention the Canonical Name (CN) and not the Login ID. In most cases, the CN is the same as the Display Name of the user. To check the Canonical Name for the user, in ADUC, select Advanced Options. Go to the User Properties and mention the name shown after users: "....users/XXXX XXXX"
Hope this helps
09-05-2007 06:47 PM
Hey Mahesh,
It works with the canonical name format.... I'm not an MS (or LDAP) expert and couldn't find this info. It looks like it works for others with the userID, but why doesn't mine? My AD server is w2k-sp4.
BR, John
09-06-2007 05:03 AM
Yes, the CM 5.x code looks to have been changed such that it uses the CN, which it should be using since we use the naming as cn.
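Added example, not part of the thread and not Cisco code: a format check for the string entered as the LDAP manager distinguished name, plus a builder that assembles the DN from the object's name as shown in ADUC with RFC 4514 escaping. The function names and the display name containing a comma are constructed for illustration; a well-formed DN still fails to bind if its CN is not the object's actual name, which was the cause here.

```python
import re

RDN_RE = re.compile(r'^\s*[A-Za-z][A-Za-z0-9-]*\s*=\s*\S')

def escape_rdn_value(value):
    """Escape an attribute value for use inside a DN (RFC 4514)."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        if ch in '"+,;<>\\' or (i == 0 and ch in ' #') or (i == last and ch == ' '):
            out.append('\\' + ch)
        else:
            out.append(ch)
    return ''.join(out)

def build_bind_dn(object_cn, container_rdns, dns_domain):
    """object_cn is the name shown in ADUC (often the display name), not the logon ID."""
    parts = ['CN=' + escape_rdn_value(object_cn)]
    parts += list(container_rdns)                       # e.g. ['CN=Users']
    parts += ['DC=' + label for label in dns_domain.split('.')]
    return ','.join(parts)

def split_dn(dn):
    """Split a DN into RDNs on unescaped commas only."""
    rdns, cur, i = [], '', 0
    while i < len(dn):
        if dn[i] == '\\' and i + 1 < len(dn):           # keep the escaped pair together
            cur += dn[i:i + 2]
            i += 2
        elif dn[i] == ',':
            rdns.append(cur)
            cur = ''
            i += 1
        else:
            cur += dn[i]
            i += 1
    rdns.append(cur)
    return rdns

def check_bind_dn(value):
    """Return a list of format problems; an empty list means the string is DN-shaped."""
    problems = []
    rdns = split_dn(value.strip())
    bad = [r for r in rdns if not RDN_RE.match(r)]
    if bad:
        problems.append('not attribute=value: %r' % bad)
    if not any(r.strip().upper().startswith('DC=') for r in rdns):
        problems.append('no DC= components (domain part missing)')
    return problems

if __name__ == '__main__':
    print(check_bind_dn('CCMLDAPAdmin/12345'))          # value from the first post
    print(build_bind_dn('Admin, CCM LDAP', ['CN=Users'], 'ucdemo.com'))  # constructed name
```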