
Changing from LDAP to LDAPS on CUCM


Hi All

We need to change from LDAP to LDAPS on our CUCM.

I have changed the port to 3269; do I need to tick the Use TLS button?

Also, I assume this won't remove any of my users whilst we do it? I was worried about all the phones logging out.




If there are no changes to the user accounts (UserIDs are the same), you should be OK. Check this link and follow the recommendation from @Jaime Valencia, AKA the guru ;)

Chris Deren

Correct, you need to change the port and tick the TLS checkbox, assuming your LDAP servers and CUCM cluster both trust the same CA, i.e. the Tomcat cert is signed by the same CA as the LDAP server is using.

There will be no impact to users as you are still pointing to the same LDAP server using the same username mapping attribute.


I just checked our CUCM; there is a root CA already on there from our domain controller. The type is trust-certs and it says the purpose is CallManager-trust.


Would this be OK?


It needs to be in the Tomcat-Trust, but more importantly the actual Tomcat cert needs to be signed by the common CA and not be self-signed. You can always test it by just updating the port, ticking the TLS checkbox and pressing Save, as that does not trigger any sync automatically, etc. If you get an error, it's descriptive enough to tell you it's cert related; if it saves without error, then it works.


Is it worth me trying as is?

I assume this will not cause any issues?


Correct, to be on the safer side you can try it on the LDAP Authentication page first, as it uses the same connection.
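The trust requirement discussed in this thread can be checked outside CUCM before touching the LDAP pages. The following is an added example, not part of the thread or of any Cisco tooling: it uses the `openssl` CLI to show that a server certificate validates only against a store holding its issuing root, and includes the same check for a live LDAPS port. All CA names, host names and file paths are constructed placeholders.

```shell
#!/bin/sh
# Added example: all names, subjects and hosts below are constructed.

# make_ca DIR NAME: self-signed root CA, stand-in for the domain's root CA.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# make_dc_cert DIR CA_NAME HOST: server certificate for HOST issued by CA_NAME.
make_dc_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
        -CAcreateserial -days 2 -out "$1/$3.pem" 2>/dev/null
}

# chain_trusted ROOT_PEM SERVER_PEM: succeeds only if SERVER_PEM chains to ROOT_PEM.
chain_trusted() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# ldaps_chain_trusted HOST PORT ROOT_PEM: same check against a live server,
# e.g. a domain controller on 3269. Needs network access; not run by demo.
ldaps_chain_trusted() {
    openssl s_client -connect "$1:$2" -CAfile "$3" -verify_return_error \
        </dev/null >/dev/null 2>&1
}

# demo: "corp-root" issues the DC certificate; "other-root" stands for a
# trust store that does not contain the issuing CA.
demo() {
    d=$(mktemp -d) || return 2
    make_ca "$d" corp-root && make_ca "$d" other-root &&
        make_dc_cert "$d" corp-root dc01.example.test || return 2
    if chain_trusted "$d/corp-root.pem" "$d/dc01.example.test.pem"; then right=0; else right=1; fi
    if chain_trusted "$d/other-root.pem" "$d/dc01.example.test.pem"; then wrong=0; else wrong=1; fi
    rm -rf "$d"
    echo "issuing root in store: $right; different root in store: $wrong (0 = trusted)"
    [ "$right" -eq 0 ] && [ "$wrong" -ne 0 ]
}

demo && echo "certificate validates only against its issuing root"
```

For a real check, export the root CA you intend to rely on as PEM and call `ldaps_chain_trusted` with your domain controller's host name and the LDAPS port in place of the constructed values.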
