SSL LDAP Authentication

williamsmj7
Level 1

Hi All,

I'm trying to use LDAP Authentication via SSL (Internal Policy dictates this).

I can successfully do an unencrypted authentication which is allowed just for testing but as soon as I enable SSL this stops working. It appears in the trace that CUCM isn't correctly formatting the DN that it is trying to bind with once SSL is enabled.

I have included the two traces below; it looks like CUCM is missing the convertToBindDN section when SSL is enabled. I'm running CUCM Version 8.6.1.20000-1. I've looked through the bug toolkit and found no bugs relating to this. I'm going to try and follow this up with Cisco but thought I'd see if anyone else has successfully used SSL LDAP Authentication with CUCM 8.6?

With SSL disabled :-

2011-09-28 14:51:06,924 DEBUG [http-8443-2] impl.AuthenticationLDAP - isLDAPURL: url=ldap://LDAPSRV:389/cn=MYUSER,ou=XXXX,ou=XXXX,ou=XXXX,o=XXXX

2011-09-28 14:51:06,925 DEBUG [http-8443-2] impl.AuthenticationLDAP - isLDAPURL: url contains ldap://. Returning true.

2011-09-28 14:51:06,925 DEBUG [http-8443-2] impl.AuthenticationLDAP - searchUserDn: dn is LDAPURL=ldap://LDAPSRV:389/cn=MYUSER,ou=XXXX,ou=XXXX,ou=XXXX,o=XXXX

2011-09-28 14:51:06,925 DEBUG [http-8443-2] impl.AuthenticationLDAP - convertToBindDN: ldapURL=ldap://LDAPSRV:389/cn=MYUSER,ou=XXXX,ou=XXXX,ou=XXXX,o=XXXX

2011-09-28 14:51:06,925 DEBUG [http-8443-2] impl.AuthenticationLDAP - convertToBindDN: Returning dn=cn=MYUSER,ou=XXXX,ou=XXXX,ou=XXXX,o=XXXX

2011-09-28 14:51:06,925 DEBUG [http-8443-2] impl.AuthenticationLDAP - searchUserDn: dn after convertToBindDN=cn=MYUSER,ou=XXXX,ou=XXXX,ou=XXXX,o=XXXX

2011-09-28 14:51:06,926 DEBUG [http-8443-2] impl.AuthenticationLDAP - searchUserDn: returning dn=cn=MYUSER,ou=XXXX,ou=XXXX,ou=XXXX,o=XXXX for user MYUSER

2011-09-28 14:51:06,926 DEBUG [http-8443-2] impl.AuthenticationLDAP - authenticateUserWithPassword: calling auth as dn search is successful for user MYUSER and the dn is cn=MYUSER,ou=XXXX,ou=XXXX,ou=XXXX,o=XXXX

2011-09-28 14:51:06,926 DEBUG [http-8443-2] impl.AuthenticationLDAP - auth: dn=cn=MYUSER,ou=XXXX,ou=XXXX,ou=XXXX,o=XXXX

With SSL Enabled :-

2011-09-29 09:46:26,410 DEBUG [http-8443-1] impl.AuthenticationLDAP - isLDAPURL: url=ldaps://LDAPSRV:636/cn=MYUSER,ou=XXXX,ou=XXXX,ou=XXXX,o=XXXX

2011-09-29 09:46:26,410 DEBUG [http-8443-1] impl.AuthenticationLDAP - isLDAPURL: url doesn't contains ldap://. Returning false.

2011-09-29 09:46:26,410 DEBUG [http-8443-1] impl.AuthenticationLDAP - searchUserDn: returning dn=ldaps://LDAPSRV:636/cn=MYUSER,ou=XXXX,ou=XXXX,ou=XXXX,o=XXXX for user MYUSER

2011-09-29 09:46:26,410 DEBUG [http-8443-1] impl.AuthenticationLDAP - authenticateUserWithPassword: calling auth as dn search is successful for user MYUSER and the dn is ldaps://LDAPSRV:636/cn=MYUSER,ou=XXXX,ou=XXXX,ou=XXXX,o=XXXX

2011-09-29 09:46:26,411 DEBUG [http-8443-1] impl.AuthenticationLDAP - auth: dn=ldaps://LDAPSRV:636/cn=MYUSER,ou=XXXX,ou=XXXX,ou=XXXX,o=XXXX

Thanks for listening!

Mike
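
The symptom in the two traces above can be checked for mechanically. The following is an added example, not part of the original post and not Cisco code: it scans trace lines in the format shown for `auth: dn=` entries whose bind DN is still an LDAP URL, and shows the DN that a scheme-aware conversion covering both `ldap://` and `ldaps://` would produce. The function names `url_to_bind_dn` and `find_url_binds` are hypothetical; the sample lines are the two `auth:` lines from the traces.

```python
import re
from urllib.parse import unquote

# The two "auth:" lines from the traces in the post, embedded as sample input.
SAMPLE_TRACE = """\
2011-09-28 14:51:06,926 DEBUG [http-8443-2] impl.AuthenticationLDAP - auth: dn=cn=MYUSER,ou=XXXX,ou=XXXX,ou=XXXX,o=XXXX
2011-09-29 09:46:26,411 DEBUG [http-8443-1] impl.AuthenticationLDAP - auth: dn=ldaps://LDAPSRV:636/cn=MYUSER,ou=XXXX,ou=XXXX,ou=XXXX,o=XXXX
"""

# Matches only the final bind call, not the earlier searchUserDn lines.
AUTH_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) \S+ \[(?P<thread>[^\]]+)\] "
    r"impl\.AuthenticationLDAP - auth: dn=(?P<dn>.*)$"
)

# Accepts both schemes; captures the DN between the host part and any "?" suffix.
LDAP_URL = re.compile(r"^ldaps?://[^/?]*/([^?]*)", re.IGNORECASE)


def url_to_bind_dn(value):
    """Return the DN carried in an ldap:// or ldaps:// URL; pass a plain DN through."""
    m = LDAP_URL.match(value)
    # RFC 4516 percent-encodes the DN inside an LDAP URL, so decode it.
    return unquote(m.group(1)) if m else value


def find_url_binds(trace):
    """Return (timestamp, thread, logged_dn, expected_dn) for binds that used a URL as DN."""
    findings = []
    for line in trace.splitlines():
        m = AUTH_LINE.match(line.strip())
        if not m:
            continue
        logged = m.group("dn")
        expected = url_to_bind_dn(logged)
        if expected != logged:
            findings.append((m.group("ts"), m.group("thread"), logged, expected))
    return findings


if __name__ == "__main__":
    for ts, thread, logged, expected in find_url_binds(SAMPLE_TRACE):
        print(f"{ts} [{thread}] bind DN is a URL: {logged!r}; expected {expected!r}")
```
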
