
Photo Directory LDAP Connection

jvanschenck
Level 1

I keep getting "User Not Found" using the photodirectory.jsp. Are we supposed to hit the Call Manager server with LDAP queries? I've been trying to use our corporate LDAP (Active Directory) through our primary DC, but I've noticed a hard coded OU setting in the User.java that makes me suspect I should be using Call Manager in my searches.

4 Replies

stephan.steiner
Spotlight

The app is made to be used with call manager, but with a little gruntwork, you can turn it into something that works with any kind of directory. It needs some generalization on your part though to permit the use of any root and any search path.

Stephan,

Thanks for responding - I was really pulling my hair out. We have Active Directory integrated with CallManager, and I'm finding more and more parameters in their java classes that are CISCO dependent, along with comments to that effect.

Have you had to "unwind" this before? I'm about ready to build my own LDAPProvider class!

I have in fact done it, although my search method is pretty close to the sendRequest method by Cisco, except that I'm throwing custom exceptions back including all the info about the ldap query (I never quite could figure out what was going wrong unless you log that kind of thing) and my return values use generics so as to spare me the casting.

One thing I added was search controls.. I'm doing server side sorting whenever possible, but you gotta be careful with that. AD supports it, OpenLDAP doesn't (I just banged my head for a while last week wondering about an error message I got back from an OpenLDAP server last week.. turns out it simply doesn't do server side sorting).. so you probably want to have a look at Collections.sort as well.

You might also want to do some connection pooling by adding the following to the env variable:

env.put("com.sun.jndi.ldap.connect.pool", "true");

That way, your second and third request won't take so long to get the context initiated.. that's especially important if you do many queries to the same directory hierarchy (e.g. searching your AD users multiple times).

But other than that, the LDAPProvider.java class is quite good.. it's the part above that that you need to change.. every directory needs a different root and base search path. When I first got started, I spent quite some time figuring out what to put as root and what as base search path.. I finally settled on accessing the directory by ldap browser, which can search for your roots, then use the most specific one, and use the path from that root down the tree until the branch that you want to search as the base search path (in Cisco's code they call it searchbase).

Oh, and you might also want to be more flexible as to the scope.. sometimes one level is enough, sometimes it isn't (you can verify that by launching your search via ldapbrowser). Since ldapbrowser is java based, it's the ideal tool to make your tests.. it will be based on the same classes and methods you're going to be using, so if you can get it to work with ldapbrowser, you can get it to work in your code, and if ldapbrowser fails, there's no point wasting your time trying to adjust your own code.

So my suggestion would be to make these few modifications to the cisco ldap provider, and then just worry about what you put above that (you need to process the hashmap with the results somehow).
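
A sketch of the generalized search described in the reply above, as an added example that is neither the poster's code nor Cisco's LDAPProvider. The class, method and exception names are hypothetical and the URL and OU in the comments are constructed; it uses a parameterized filter so the searched value is escaped by JNDI rather than concatenated into the filter string.

```java
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;
import javax.naming.ldap.*;

public class DirectorySearch {
    // Hypothetical exception type: carries the query details so failures can be logged.
    public static class LdapQueryException extends Exception {
        public LdapQueryException(String url, String base, String filter, Throwable cause) {
            super("LDAP query failed: url=" + url + " base=" + base + " filter=" + filter, cause);
        }
    }
    // providerUrl ends with the root, e.g. ldap://dc.example.com:389/DC=example,DC=com (constructed);
    // searchBase is relative to that root, e.g. "OU=Staff" (constructed). attr must be a fixed
    // attribute name chosen by the application, never user input; only value is user-supplied.
    public static List<Map<String, String>> search(String providerUrl, String bindDn, String password,
            String searchBase, int scope, String attr, String value, String[] returnAttrs)
            throws LdapQueryException {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, providerUrl);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put("com.sun.jndi.ldap.connect.pool", "true"); // reuse connections across queries
        String filter = "(" + attr + "={0})"; // {0} is filled from filterArgs, which JNDI escapes
        LdapContext ctx = null;
        try {
            ctx = new InitialLdapContext(env, null);
            // Non-critical: a server without sort support can ignore the control instead of failing.
            ctx.setRequestControls(new Control[] { new SortControl(attr, Control.NONCRITICAL) });
            SearchControls sc = new SearchControls();
            sc.setSearchScope(scope); // SearchControls.ONELEVEL_SCOPE or SUBTREE_SCOPE
            sc.setReturningAttributes(returnAttrs);
            List<Map<String, String>> rows = new ArrayList<>();
            NamingEnumeration<SearchResult> res = ctx.search(searchBase, filter, new Object[] { value }, sc);
            while (res.hasMore()) {
                Attributes attrs = res.next().getAttributes();
                Map<String, String> row = new HashMap<>();
                for (String a : returnAttrs) {
                    Attribute at = attrs.get(a);
                    row.put(a, at == null ? "" : String.valueOf(at.get()));
                }
                rows.add(row);
            }
            rows.sort(Comparator.comparing(r -> r.getOrDefault(attr, ""))); // client-side fallback
            return rows;
        } catch (NamingException | java.io.IOException e) {
            throw new LdapQueryException(providerUrl, searchBase, filter, e);
        } finally {
            if (ctx != null) try { ctx.close(); } catch (NamingException ignored) { }
        }
    }
}
```

The client-side sort only has an effect when attr is also listed in returnAttrs.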

Stephan,

Sorry for the lack of response - we're looking for a product at this point, not that I wouldn't love to tinker with this. Do you know of a CISCO developer that can make this happen, or are you willing to share/sell what you have?