Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
915
Views
0
Helpful
1
Replies

CMS and LDAP

Chet Cronin
Level 4
Level 4

‎08-31-2018 11:23 PM - edited ‎03-18-2019 02:20 PM

Hello ... I am running AcanoX3 with CMS 2.2.8 version

LDAP is sync complete

 

Problem:  Keep getting "The username or password you entered is incorrect."

1.  Verified my user name and password work logging into my local computer.

2.   I log into CMS Admin and AD and perform a successful SYNC per the log.

3.  Here is my config

Address:  Correct xxx.xxx.192.254

Port:  389

Secure Connection: "unchecked"

Username:     CN= "service account" Rest of path is good
Password:    Service account password good

Corporate Directory Settings:  

Restrict search to searcher OU:   "checked"

Base Distinguished name:   (base domain name example:   DC=example etc.

Filter:   extensionattribute15=dc

 

Field Mapping Expressions

Display name:   $AMAccountName$

Username:  $AMAccountName$example.com

Spacename:  $AMAccountName$.cospace

SpaceURI user part:  $AMAccountName$.cospace

Space secondary user part:  Blank

Space call ID:  Blank

 

Any Ideas will help.

Thank you.

 

 

 

 

 

 

Chet Cronin
Labels:
0 Helpful
1 Reply 1

Patrick Pettit
Cisco Employee
Cisco Employee

‎09-05-2018 04:52 PM

HI Chet. Just throwing some stuff out here. 

 

The filter you have is extensionattribute15=dc?  I don't see this in any of the mappings for the space or the users, but is this something that you need to filter on to pull your users?  Just curious is all.  If sAMAccountName is required perhaps try (sAMAccountName=*) as a filter perhaps?  

 

Just making sure to, that under Status>Users, you have users there and you are logging in with the xmpp jid domain?  In your ldap setup you have $AMAccountName$example.com, its missing the @ symbol, but maybe thats a typo here?  

 

Anyhow, you are running on port 389, so you can probably take a packet trace to see what the AD server is returning as it will send your common name to the AD server in a simple bind request to log in.  If you see something like: 80090308: LdapErr: DSID-0C090400, comment: AcceptSecurityContext error, data 52e, v1db1, result code invalidCredentials, then something may be wrong with the password.  If you see some sort of ldap referral being done, then maybe try the global catalog port of 3268.  

But if you do, and you are filtering on extensionattribute15, make sure its part of the global catalog before proceeding.  

0 Helpful
Customers Also Viewed These Support Documents