When CUCM is using LDAP for authentication several subsystems including CTI manager utilize this mechanism for device authentication. One for example is the CTI manager the invokes an LDAP authentication process with LDAP when a CUPC user enabled deskphone control.
Generally most LDAP querys (aka searchRequests) have a sizeLimit and timeLimit variable that can control to overall response in addition to the filter.
When an Tomcat authentication request takes place these size and time Limit Values are sent to the LDAP server with 0's for each.
When a CTI authentication request takes place the SizeLimit value is 0, however the timeLimit value is 1996501041 . This variable seems to cause issues with Sun One LDAP systems where the LDAP server returns a timeLimitExceeded... I can execute the exact same searchRequest with a stand alone browser with a timeLimit of 0 and get the appropriate response every time.
Does anyone know why this timeLimit value gets populated on CTI requests from CUCM or what this value actually represents?
Cisco use OpenLDAP library to do LDAP authentication.
OpenLDAP library has two interfaces: Java and C/C++.
Cisco Tomcat uses Java. Cisco CTIManager uses C/C++. That's why you're seeing the difference.
Even so, a timelimit of 1996501041 shouldn't cause any problem. That was in the unit of seconds. Have you got someone looked at the LDAP server side and see why it threw timelimit exceed error?
Thanks for the reply. I do know now that the timestamp is a unix epoch timestamp for sometime in 2033.. but this is the only delta in between a successfull result and a failure.. I am requesting logs from the LDAP side of the house to see what type of errors are being collected on that side. Do you know by chance since CTI is C/C++ of this value is compiled into the subsystem or is a variable somewhere that could be changed with the appropriate system access?