Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
959
Views
0
Helpful
3
Replies

CUCM 11.5 LDAP Sync too many bind request with LDAP server

p-blalock
Level 1
Level 1

‎08-24-2018 09:50 PM - edited ‎03-17-2019 01:23 PM

I have my CUCM 11.5 directory syncing once a week, but the CUCM is sending a bind (auth) request to the LDAP server about every 2 seconds.  The DC is logging to a Splunk server and the shear number of bind/unbind request from the CUCM to the LDAP server is causing the Splunk license, measured by throughput, to be continuously violated.  If I restart the CUCM DirSync service, the CUCM stops sending the bind requests until the next scheduled sync cycle and then starts its exponential bind requests all over again; Splunk log entries from this issue can reult in as many as 400,000 over a 10 minute interval.  Has anyone seen or experienced this problem?  If so, what was done to correct?

Labels:
0 Helpful
3 Replies 3

Slavik Bialik
Level 7
Level 7

‎08-25-2018 01:13 AM

Hi,

I had a similar issue something like a month ago with one of my clients, I'm not sure in 100% what was the solution as the customer wasn't very cooperative with sharing the details, but in my case there was a Firewall (Palo Alto) in the middle (between the CUCM and the LDAP server) and the security IT guy said he saw logs that are stating the Firewall is doing Application Control on LDAP protocol. He told me he disabled application control on LDAP and the issue is resolved (but maybe he's done some more things, and he didn't want to share).

Hope this lead helps.

0 Helpful

Mohammed al Baqari
Level 11
Level 11

‎08-25-2018 06:03 AM

Bind requests aren't very related to sync. Sync will sync the users in CUCM DB while bind are relied from CUCM to LDAP when users are trying the login.

If CUCM keeps trying to bind authentications, check if CUCM is receiving the response from LDAP server. It seems that CUCM is retrying but getting a response.
0 Helpful

dustinn3
Level 1
Level 1

‎05-17-2019 07:15 AM

Did you ever find a resolution to this issue?  I'm experiencing the same behavior after upgrading Unity from 9.1 to 12.  My domain controller logs are filling up with 1000's of requests per second from Unity causing my drives to fill up every couple of days.  I've had a case open with TAC for 2 months and the Unity TAC case owner did another webex yesterday and finally admitted that he had no idea how LDAP works or what a Microsoft Windows Domain Controller is or what Event Viewer is, he and the next person he transferred me to kept asking if it was a Cisco product.    I lost it and had my account team escalate the case since I was getting nowhere.  

0 Helpful
Customers Also Viewed These Support Documents