Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1342
Views
20
Helpful
7
Replies

Secure LDAP Authentication

adamgibs7
Level 6
Level 6

‎11-11-2015 11:16 AM - edited ‎03-17-2019 04:52 AM

Dears,

I have a CUCM & unity connection 11.0 which is integrated with Microsoft AD with an secure LDAP, i am able to sync users on port 636  but authentication fails for users on port 636,

i have installed root certificate of AD in unity connection & CUCM  and restated the tomcat services ,,,when i do a telnet on port 636 the port is open on ldap, but authentication is not working,,,  when i remove the SSL tick and keep port as 389 authentication works fine, now i want to justify to the windows  admin how i can ???

The only difference in unity connection and cucm is TLS box in cucm and ssl box in unity connection,

thanks

1 person had this problem
Labels:
0 Helpful
7 Replies 7

Chris Deren
Hall of Fame
Hall of Fame

‎11-12-2015 06:12 AM

Is the LDAP server also a global catalog? If so have you tried port 3269?

0 Helpful

adamgibs7
Level 6
Level 6
In response to Chris Deren

‎11-13-2015 10:37 PM

Dear Chris,

I tried all the possibilities but the authentication is not working. now i want to justify how could i do that.

thanks

0 Helpful

Tony_paparazzo
Level 1
Level 1
In response to adamgibs7

‎10-04-2017 10:23 AM

i know this has been awhile but did you ever get this fixed..running into same issue

0 Helpful

JanBeyen61476
Level 1
Level 1
In response to Tony_paparazzo

‎04-17-2020 10:20 AM - edited ‎04-20-2020 12:44 AM

Hey,

 

just in case some other poor soul stumbles on this issue and finds this thread...

 

There's a COP file for CUCM 11.x that has "ldap_ssl" (edit: Anthony has posted the title below) in the title, which hasn't fixed the issue for us but TAC recommended installing this on Unity first.

After telling TAC that that did not work, they told me to run this command via Unity's CLI:

 

utils ldap config ipaddr

 

That fixed it for me. We are running IP addresses instead of hostnames though. If you do, too, give this a try!

 

Best

Jan

Anthony Holloway
Cisco Employee
Cisco Employee
In response to JanBeyen61476

‎04-17-2020 11:12 AM

Defect: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCve31804
COP Name: ciscocm.ldap_ssl_certificateNotVerified_fix_v1.3-k3.cop.sgn
COP Link: https://software.cisco.com/download/home/286306100/type/282204704/release/COP-Files
COP ReadMe: https://www.cisco.com/web/software/282204704/18582/CUCM_11.5.1-CSCve31804-COP-Readme.pdf

This seems to only be documented as affecting CUCM 11.5, however, I am seeing this issue on 12.5(1)SU2 right now. I'll see about applying this cop to 12.5. It may not even install and fail on the version check.

JanBeyen61476
Level 1
Level 1
In response to Anthony Holloway

‎04-20-2020 12:34 AM

Hey Anthony,

 

a colleague of mine gave me a hint and let me know that I might have overseen the key fact in my specific case: we haven't entered FQDNs in the LDAP config and that will lead to TLS verification not working.

So, maybe the COP file would have indeed helped with solving the bug behaviour, but I still have misconfiguration on my part.

The CLI command I posted would probably only really disable TLS verification at all and by that, fix the issue...

 

 

Best

Jan

0 Helpful

nbacon001
Level 1
Level 1
In response to Anthony Holloway

‎06-16-2020 01:41 PM - edited ‎06-16-2020 01:41 PM

Hey Anthony,

 

I'm curious. Did the version 11 cop file work for 12.5?

 

Thanks,

Nick Bacon

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents