Re: Password not synching to CM 6.1 when LDAP authentication is

MARK HANDERMANN · ‎08-29-2008

The users are reflecting in CM 6.1 from active directory are active but the passwords are not synchronising when I try to logon to ccmuser using AD account passwords any ideas on this ?? Any suggestions will be of great help

gogasca · ‎08-31-2008

What are the values for LDAP Authentication option,

CUCM never stores the AD passwords/synch them.

We only redirect the auth request to AD based on the LDAP auth configuration

MARK HANDERMANN · ‎09-01-2008

First of all thanks a ton for replying ....The scenario is as follows

LDAP Directory Information

LDAP Configuration Name: CN=Administrator,CN=Users,DC=cisco,DC=com

LDAP password: *********

LDAP User SearchBase: cn=Users,DC=cisco,DC=com

The Synchronization works perfectly fine when I create user in AD it is replicated in CM 6.1 but when I try to logon using the same credentials as AD for that user using

http://CMhostname:8443/ccmuser the same credentials as I have in AD the authentication fails !! does not accept the same password as Active directory. Do we need to change something on Tom cat web server for accepting the authentication

vmilanov · ‎09-01-2008

Hi,

Synchronization with LDAP and authentication against LDAP are two different processes. The synchronization process is aimed to retrieve the list of users and their properties from a the AD's database (but not the passwords|, whereas the authentication, you know already, it is used to validate a username-password pair.

So they work different. The synch process uses the 'Administrator' user, that you have configured to bind via LDAP and read the database. It has to have read-only rights within the LDAP.

The authentication process uses the username and password pair, that a user has entered to bind, on behalf of that user, to the LDAP, and if the bind has been successful, the authentication credentials are valid.

HTH,

Vasil

Ayodeji Okanlawon · ‎09-01-2008

Have you configured the LDAp Authentication? IN CCM??

Please rate all useful posts

Ayodeji Okanlawon · ‎09-01-2008

Hi,

You need to configure the LDAP authentication option just as you did setup the LDAP server on CCM.

Please rate all useful posts

MARK HANDERMANN · ‎09-01-2008

Yes the LDAP authentication is already configured on CCM thanks for your reply though

vmilanov · ‎09-01-2008

Hi again,

UCM6.x does make difference whether the user is an end-user or a system ('application' in UCM 6.x) user. The UCM Administrator user is being considered an 'Application' user, and so its credentials are being kept locally on the UCM LDAP repository. If you would like to make a LDAP user an administrative one, you should assign it a UCM administrative role. Toy can do that by clicking on the username from the User Management->End Users, and then go to bottom of the page, 'Permissions Information' group, and add the user to the UCM Administrators group - 'Standard CCM Admin Users'. The same way you can assign other roles to users.

By default end-users, that were synched from the LDAP do not belong to any group, or do not have any role.

HTH,

Vasil

MARK HANDERMANN · ‎09-01-2008

Vasil

Thanks so much ..I guess that should work let me try that here real quick

vmilanov · ‎09-02-2008

Sorry,

I didn't saw that you are loging in to the ccmuser page.

As I wrote above, the LDAP authentication is a process where the UCM binds to the AD on behalf of the user, i.e. with the credentials, that user has entered, as if the UCM is the user itself. If it binds successfully, then the credentials are OK.

If the user-password pair you use have not been miss-typed, the next thing to check is which LDAP attribute you have chosen for user ID.

The place to set this is in System->LDAP->LDAP System->'LDAP Attribute for User ID*'.

The native to MS AD is sAMAccountName, but it might be also mail address, or userPrincipalName. I use sAMAccountName.

Regards,

Ayodeji Okanlawon · ‎09-01-2008

I didnt understand your problem properly...

When you try to login to ccmuser page, your end users are not authenticated?

For this to owrk, you need to associate your end users to Standard CCM end user group...You do not need to assign them to Admin user roles...

Please rate all useful posts

MARK HANDERMANN · ‎09-02-2008

I did assign the users to standard CCM end users group but still I am not able to get authenticated also tried assigning them Admin roles but still cant login to ccmuser page ?? any more ideas ?

edguidry · ‎08-06-2009

Hello. What was the resolution to the LDAP auth issue? I am having the same problem.

Thanks!

Eddie

jasondrisc · ‎08-12-2009

Hello, I am currently trying to set this up in a lab environment and running into the same issue. I would be very interested to hear the resolution.

Thanks,

Jason

david-lima · ‎08-12-2009

Hi guys, verify the configuration of the LDAP Manager Distinguished Name, LDAP Password and the most important the LDAP User Search Base.

I have a similar problem becasue a miss configuration of the User Base Search.

Hope this help

David

Password not synching to CM 6.1 when LDAP authentication is enabled