CUCM LDAP Authentication via CTI Manager

joshproano
Level 1

When CUCM is using LDAP for authentication, several subsystems, including CTI Manager, utilize this mechanism for device authentication. One, for example, is the CTI Manager, which invokes an LDAP authentication process with LDAP when a CUPC user enables deskphone control.

Generally most LDAP queries (aka searchRequests) have a sizeLimit and timeLimit variable that can control the overall response in addition to the filter.

When a Tomcat authentication request takes place, these size and time limit values are sent to the LDAP server with 0's for each.

When a CTI authentication request takes place, the sizeLimit value is 0; however, the timeLimit value is 1996501041. This variable seems to cause issues with Sun One LDAP systems where the LDAP server returns a timeLimitExceeded... I can execute the exact same searchRequest with a standalone browser with a timeLimit of 0 and get the appropriate response every time.

Does anyone know why this timeLimit value gets populated on CTI requests from CUCM or what this value actually represents?

3 Replies

htluo
Level 9

Cisco uses the OpenLDAP library to do LDAP authentication.

The OpenLDAP library has two interfaces: Java and C/C++.

Cisco Tomcat uses Java. Cisco CTIManager uses C/C++. That's why you're seeing the difference.

Even so, a timelimit of 1996501041 shouldn't cause any problem. That was in the unit of seconds. Have you had someone look at the LDAP server side to see why it threw the timelimit exceeded error?

Thanks!

Michael

Hi Michael,

Thanks for the reply. I do know now that the timestamp is a Unix epoch timestamp for sometime in 2033, but this is the only delta between a successful result and a failure. I am requesting logs from the LDAP side of the house to see what type of errors are being collected on that side. Do you know by chance, since CTI is C/C++, if this value is compiled into the subsystem or is a variable somewhere that could be changed with the appropriate system access?

JP

You may take a look at http://www.zytrax.com/books/ldap/ch6/#timelimit.

I'm not sure if it's a variable or not. I guess you'll have to get the TAC to talk to the developer to find out.

Michael

http://htluo.blogspot.com