03-22-2018 12:37 PM
I am using updateLdapDirectory to update the ldap password. UCM response with successful update, however, the password is stored in DB with plain text, instead of encrypted:
----------AXL debug, shows everything is good -----------------
2018-03-22 15:28:49,193 DEBUG [http-bio-8443-exec-3] servletRouters.AXLAlpha - AXL REQUEST :
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<SOAP-ENV:Body>
<axl:updateLdapDirectory xmlns:axl="http://www.cisco.com/AXL/API/10.5" sequence="1">
<name>Admin - SuperUser Sync</name>
<ldapPassword>6L7THAeqeu8N!MES</ldapPassword>
</axl:updateLdapDirectory>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
...
2018-03-22 15:28:49,204 DEBUG [http-bio-8443-exec-3] axlapiservice.Handler - update directorypluginconfig set LdapPassword='6L7THAeqeu8N!MES' where pkid='14240ed0-322c-da4a-4653-fddd3db5ff30'
2018-03-22 15:28:49,214 DEBUG [http-bio-8443-exec-3] axlapiservice.UpdateLdapDirectoryHandler - UpdateLdapDirectory completed
2018-03-22 15:28:49,218 DEBUG [http-bio-8443-exec-3] axlapiservice.AXLCallFlow - In commit transaction and created pub connector
2018-03-22 15:28:49,218 DEBUG [http-bio-8443-exec-3] axlapiservice.Axl - Connection closed and hashmap entry removed in AXL.java closing connection
2018-03-22 15:28:49,218 DEBUG [http-bio-8443-exec-3] axlapiservice.AXLCallFlow - Commit transaction connector object closed
2018-03-22 15:28:49,221 DEBUG [http-bio-8443-exec-3] servletRouters.AXLAlpha - <?xml version='1.0' encoding='UTF-8'?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Body><ns:updateLdapDirectoryResponse xmlns:ns="http://www.cisco.com/AXL/API/10.5"><return>{14240ED0-322C-DA4A-4653-FDDD3DB5FF30}</return></ns:updateLdapDirectoryResponse></soapenv:Body></soapenv:Envelope>
-------check DB, password is in clear text ----------
admin:run sql select * from directorypluginconfig
pkid agreementstatus ldapdn ldappassword ldapsynchronizationbase incsyncstatus highestcommittedusn syncnow invocationid fullsyncstatus connectedldaphost name fkldapfilter tkldapdirectoryfunction fkfeaturegrouptemplate mask applymask applypoollist syncgroups fkldapfilter_group userrank
==================================== =============== =========================================================== ================ ======================================== ============= =================== ======= ================================ ============== ================= ========================== ==================================== ======================= ==================================== ==== ========= ============= ========== ================== ========
14240ed0-322c-da4a-4653-fddd3db5ff30 1 CN=ucm.admin.gen,OU=Generics,OU=LAB Users,DC=LAB,DC=com 6L7THAeqeu8N!MES OU=Admins,OU=LAB Users,DC=LAB,DC=com 0 54553862 0 2f2dd55f7b5f4747b3c636debc0a9cf3 0 64.100.37.70 Admin - SuperUser Sync a5fce3a2-8ee4-dd10-f98c-26fe6a905638 0 30600e3e-4efd-6f93-d322-dc08fdbffa9f NULL f f f NULL 1
Is it something expected?
03-22-2018 01:39 PM
I have been able to reproduce this problem (on CUCM 11.5), and have opened a defect for tracking: CSCvi61573
Thanks for reporting! If you would like to inquiry about a possible 'engineering special' to validate a fix, please open a ticket with DevNet Developer Support: https://developer.cisco.com/site/devnet/support/
03-22-2018 01:46 PM
Thanks David for the prompt reply and action.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: