09-29-2011 03:20 AM - edited 03-19-2019 03:42 AM
Hi All,
I'm trying to use LDAP Authentication via SSL (Internal Policy dictates this).
I can successfully do an unencrypted authentication, which is allowed just for testing, but as soon as I enable SSL this stops working. It appears in the trace that CUCM isn't correctly formatting the DN that it is trying to bind with once SSL is enabled.
I have included the two traces below; it looks like CUCM is missing the convertToBindDN section when SSL is enabled. I'm running CUCM Version 8.6.1.20000-1. I've looked through the bug toolkit and found no bugs relating to this. I'm going to try and follow this up with Cisco but thought I'd see if anyone else has successfully used SSL LDAP Authentication with CUCM 8.6?
With SSL disabled :-
2011-09-28 14:51:06,924 DEBUG [http-8443-2] impl.AuthenticationLDAP - isLDAPURL: url=ldap://LDAPSRV:389/cn=MYUSER,ou=XXXX,ou=XXXX,ou=XXXX,o=XXXX
2011-09-28 14:51:06,925 DEBUG [http-8443-2] impl.AuthenticationLDAP - isLDAPURL: url contains ldap://. Returning true.
2011-09-28 14:51:06,925 DEBUG [http-8443-2] impl.AuthenticationLDAP - searchUserDn: dn is LDAPURL=ldap://LDAPSRV:389/cn=MYUSER,ou=XXXX,ou=XXXX,ou=XXXX,o=XXXX
2011-09-28 14:51:06,925 DEBUG [http-8443-2] impl.AuthenticationLDAP - convertToBindDN: ldapURL=ldap://LDAPSRV:389/cn=MYUSER,ou=XXXX,ou=XXXX,ou=XXXX,o=XXXX
2011-09-28 14:51:06,925 DEBUG [http-8443-2] impl.AuthenticationLDAP - convertToBindDN: Returning dn=cn=MYUSER,ou=XXXX,ou=XXXX,ou=XXXX,o=XXXX
2011-09-28 14:51:06,925 DEBUG [http-8443-2] impl.AuthenticationLDAP - searchUserDn: dn after convertToBindDN=cn=MYUSER,ou=XXXX,ou=XXXX,ou=XXXX,o=XXXX
2011-09-28 14:51:06,926 DEBUG [http-8443-2] impl.AuthenticationLDAP - searchUserDn: returning dn=cn=MYUSER,ou=XXXX,ou=XXXX,ou=XXXX,o=XXXX for user MYUSER
2011-09-28 14:51:06,926 DEBUG [http-8443-2] impl.AuthenticationLDAP - authenticateUserWithPassword: calling auth as dn search is successful for user MYUSER and the dn is cn=MYUSER,ou=XXXX,ou=XXXX,ou=XXXX,o=XXXX
2011-09-28 14:51:06,926 DEBUG [http-8443-2] impl.AuthenticationLDAP - auth: dn=cn=MYUSER,ou=XXXX,ou=XXXX,ou=XXXX,o=XXXX
With SSL Enabled :-
2011-09-29 09:46:26,410 DEBUG [http-8443-1] impl.AuthenticationLDAP - isLDAPURL: url=ldaps://LDAPSRV:636/cn=MYUSER,ou=XXXX,ou=XXXX,ou=XXXX,o=XXXX
2011-09-29 09:46:26,410 DEBUG [http-8443-1] impl.AuthenticationLDAP - isLDAPURL: url doesn't contains ldap://. Returning false.
2011-09-29 09:46:26,410 DEBUG [http-8443-1] impl.AuthenticationLDAP - searchUserDn: returning dn=ldaps://LDAPSRV:636/cn=MYUSER,ou=XXXX,ou=XXXX,ou=XXXX,o=XXXX for user MYUSER
2011-09-29 09:46:26,410 DEBUG [http-8443-1] impl.AuthenticationLDAP - authenticateUserWithPassword: calling auth as dn search is successful for user MYUSER and the dn is ldaps://LDAPSRV:636/cn=MYUSER,ou=XXXX,ou=XXXX,ou=XXXX,o=XXXX
2011-09-29 09:46:26,411 DEBUG [http-8443-1] impl.AuthenticationLDAP - auth: dn=ldaps://LDAPSRV:636/cn=MYUSER,ou=XXXX,ou=XXXX,ou=XXXX,o=XXXX
Thanks for listening!
Mike
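
Added example, not part of the original post and not Cisco's code: a Python sketch of the difference the two traces show, with a scheme check that only matches `ldap://` beside a conversion that also accepts `ldaps://`, plus a scan for `auth: dn=` trace lines where a URL reached the bind. All function names are hypothetical, `naive_bind_dn` is an assumed reconstruction from the trace output only, and the sample values are constructed from the redacted ones above.

```python
import re
from urllib.parse import urlsplit, unquote

LDAP_SCHEMES = {"ldap", "ldaps"}


def naive_bind_dn(value):
    """Assumed reconstruction of the traced behaviour: only 'ldap://' is recognised."""
    if "ldap://" not in value:
        return value                      # handed to the bind unchanged
    return value.split("/", 3)[3]         # text after scheme://host:port/


def bind_dn(value):
    """Scheme-aware conversion: accept ldap:// and ldaps://, return the DN part."""
    parts = urlsplit(value)
    if parts.scheme.lower() not in LDAP_SCHEMES or not parts.netloc:
        return value                      # already a plain DN
    dn = unquote(parts.path.lstrip("/"))  # LDAP URLs percent-encode the DN
    if not dn:
        raise ValueError("LDAP URL carries no DN: %r" % value)
    return dn


AUTH_LINE = re.compile(r"- auth: dn=(\S+)")


def malformed_binds(trace_lines):
    """Return dn values from 'auth:' trace lines that still carry a URL scheme."""
    hits = []
    for line in trace_lines:
        m = AUTH_LINE.search(line)
        if m and re.match(r"(?i)ldaps?://", m.group(1)):
            hits.append(m.group(1))
    return hits


# Constructed sample, using the redacted values from the traces above.
DN = "cn=MYUSER,ou=XXXX,ou=XXXX,ou=XXXX,o=XXXX"
PLAIN = "ldap://LDAPSRV:389/" + DN
TLS = "ldaps://LDAPSRV:636/" + DN
TRACE = [
    "2011-09-28 14:51:06,926 DEBUG [http-8443-2] impl.AuthenticationLDAP - auth: dn=" + DN,
    "2011-09-29 09:46:26,411 DEBUG [http-8443-1] impl.AuthenticationLDAP - auth: dn=" + TLS,
]

if __name__ == "__main__":
    for url in (PLAIN, TLS):
        print(url, "| naive:", naive_bind_dn(url), "| scheme-aware:", bind_dn(url))
    print("malformed bind DNs in trace:", malformed_binds(TRACE))
```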