
CMS with LDAP

royd24
Level 1

Can't seem to get the CMS 2.0 syncing with LDAP. CUCM is syncing fine with LDAP so I don't know where to look. Tried via the web GUI and API but still cannot sync. Any pointers where I'm going wrong?

Error I got from the CMS logs. I am certain I typed in the user and password correctly as these were also the credentials I used in CUCM.

2017-03-01 14:22:16.497 Error LDAP sync: bind failed with code 49 (invalidCredentials)
2017-03-01 14:22:16.497 Info LDAP sync: LDAP server diagnostics message: 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1
2017-03-01 14:22:16.497 Warning LDAP sync operation failed

Patrick Sparkman
VIP Alumni

Appears the username/password is incorrect, have you tried to retype the password and verified the username is correct?

Try using domain\username instead of the distinguished name.

Also, you should remove the literal space you have in the Space URI, this field will generate the URL for the user's space and shouldn't contain spaces.

Yes, already retyped the username/password. Also tried domain.com\user, user@domain.com, as well as the user only, but still no go.

Hi,

Please use the format for username as user@domain.com.ph

Make sure your Base distinguished name is proper from a syntax perspective; maybe try with DC=root OU, DC=COM,DC=PH

Put the filter in closed bracket, username as $sAMAccountName$@domain.com.ph

Make sure your "IP Phone" parameter does not have any duplicate value in AD; if there is any duplicate value then it won't be allowed to work in CMS.

You can try to sync removing the secondary URI part.

Regards,

Raaj

How did you remove the LDAP configurations? I messed up my import and need to delete all the users and try again.

Simply delete the AD configuration from CMS through whatever process you used to add it, i.e. web interface or API. Once you've removed the AD configuration, perform a sync and it will remove all user accounts and Spaces.

Hi,

I have a little different issue. Apparently the AD is not clean and the ipPhone field has duplicates all over the place. (I have confirmed this after looking up the AD with an LDAP browser.) Also, all other extension fields like telephoneNumber are even worse, with spaces and duplicates.

Considering the AD management is beyond my control, is there a filter I can use which ignores and doesn't import the duplicates where it sees the value in ipPhone as being duplicate? Or can this product not be used at all?

Any input is welcome!

Thanks.

I don't think it's possible to omit duplicate entries and CMS doesn't support them as you've observed, either remove the duplicates or don't import the telephoneNumber/ipPhone.

Thanks Patrick,

I am importing these fields to auto-generate the "Space secondary URI user part" and "Space call ID".

I managed to filter only a select few users (very small subset, but without duplicates). Furthermore, in the user's spaces page there is an option to "add" them manually. None of the options are suitable to my issue, and for now I'm not very impressed.

I agree, it would be nice if CMS could disregard duplicate entries within AD, and not import those users. However, IMHO it really comes down to how you manage your Active Directory that is the issue. I have the same issue as you, however it's something that either has to be fixed within AD or simply don't import the field that contains duplicates.

Hi All, I am rather new to CMS and was wondering how to "not import a field that has duplicates within it"? I have a number of doctors within AD and they have their telephoneNumber fields populated with their secretaries' numbers, so when searching from any Cisco phone it does not populate their actual number. Unfortunately this creates duplicates and as such CMS fails the AD sync.
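The duplicate `ipPhone` / `telephoneNumber` values discussed in the posts above can be listed from an LDIF export of the directory before a sync is attempted. This is an added example, not part of any post in this thread and not Cisco code; the function names, the sample entries and the choice to compare values with spaces removed are assumptions made for illustration.

```python
import base64
import re
from collections import defaultdict

def parse_ldif(text):
    """Yield one dict per LDIF entry: lower-cased attribute -> list of values."""
    text = re.sub(r"\r?\n ", "", text)         # unfold continuation lines
    entry = defaultdict(list)
    for line in text.splitlines() + [""]:      # trailing "" flushes the last entry
        if not line.strip():
            if entry:
                yield dict(entry)
                entry = defaultdict(list)
        elif not line.startswith("#") and ":" in line:
            name, _, value = line.partition(":")
            if value.startswith(":"):          # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry[name.lower()].append(value.strip())

def find_duplicates(ldif_text, attrs=("ipphone", "telephonenumber")):
    """Return {(attr, value): [dn, ...]} for values shared by more than one entry."""
    owners = defaultdict(set)
    for entry in parse_ldif(ldif_text):
        dn = entry.get("dn", ["<no dn>"])[0]
        for attr in attrs:
            for value in entry.get(attr, []):
                key = "".join(value.split())   # assumption: compare with spaces removed
                if key:
                    owners[(attr, key)].add(dn)
    return {k: sorted(v) for k, v in owners.items() if len(v) > 1}

# Constructed sample export (not data from the thread).
SAMPLE_LDIF = """\
dn: CN=Alice Example,OU=Staff,DC=example,DC=com
ipPhone: 1001
telephoneNumber: 555 0100

dn: CN=Bob Example,OU=Staff,DC=example,DC=com
ipPhone: 1001
telephoneNumber: 5550100

dn: CN=Carol Example,OU=Staff,DC=example,DC=com
ipPhone: 1003
telephoneNumber:: NTU1MDEwMw==
"""

if __name__ == "__main__":
    for (attr, value), dns in sorted(find_duplicates(SAMPLE_LDIF).items()):
        print(attr, value, "->", "; ".join(dns))
```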

Ammar Saood
Spotlight

Try to use port 3268 (Global Catalog); if not, then use 389.

Also try the tool LDAP Admin and connect using the same service account.

You should be able to fetch the Base DN using that service account.

Then try back in CMS. It would work.

HTH

AMMAR

Please rate and mark answered if helpful.

Fredrik Dahlin
Level 1

I have very similar issues. Did you get this solved? If so, then paste your solution please.

Solved
"It appears my customer installed the Acano Manager without me knowing it earlier and put in LDAP configuration there and synced with the CMS solution. So there was LDAP configuration both in Webadmin and in the API from the AM and that caused the conflict in the LDAP sync. I removed the AM sync and deleted all API config on the CMS for LDAP as they did not want to use AM.

With that done and only have LDAP conf in the webadmin solved it..."

msharifi
Level 4

My CMS environment is having the same issue after upgrade to build version 2.1.10.

I have also tested and verified the AD service account has a valid user ID and password. So, it is not an invalid user ID or password issue. Opening a Service Record with Cisco TAC if I cannot figure this out myself.

I get the following error messages:

2017-08-29 12:54:56.416 Warning LDAP sync operation failed
2017-08-29 12:54:59.677 Info 10.200.164.73: web user "sharifm" created new LDAP sync operation db396f61-b7ab-4768-82ae-7453bda006fb
2017-08-29 12:54:59.677 Info LDAP sync operation starting
2017-08-29 12:54:59.785 Error LDAP sync: bind failed with code 49 (invalidCredentials)
2017-08-29 12:54:59.785 Info LDAP sync: LDAP server diagnostics message: 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580
2017-08-29 12:54:59.785 Warning LDAP sync operation failed
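The bind failures quoted in the first post and in the post above both carry an Active Directory sub-code (`data 52e`) after the generic LDAP result 49. As an added example, not part of any post in this thread and not Cisco code, the following Python pairs each failure with its diagnostics line and decodes that sub-code from the standard Win32 logon error values; the function name and the last two sample lines are constructed for illustration.

```python
import re

# Win32 logon error codes that Active Directory puts in the "data" field of
# the diagnostics message for LDAP result 49 (hex value -> name, meaning).
AD_BIND_SUBCODES = {
    0x525: ("ERROR_NO_SUCH_USER", "account not found"),
    0x52E: ("ERROR_LOGON_FAILURE", "unknown user name or bad password"),
    0x530: ("ERROR_INVALID_LOGON_HOURS", "logon outside permitted hours"),
    0x531: ("ERROR_INVALID_WORKSTATION", "logon not allowed from this host"),
    0x532: ("ERROR_PASSWORD_EXPIRED", "password expired"),
    0x533: ("ERROR_ACCOUNT_DISABLED", "account disabled"),
    0x701: ("ERROR_ACCOUNT_EXPIRED", "account expired"),
    0x773: ("ERROR_PASSWORD_MUST_CHANGE", "password must be changed"),
    0x775: ("ERROR_ACCOUNT_LOCKED_OUT", "account locked out"),
}
BIND_RE = re.compile(r"^(\S+ \S+) Error LDAP sync: bind failed with code (\d+) \((\w+)\)")
DIAG_RE = re.compile(r"LDAP server diagnostics message: .*?\bdata ([0-9a-fA-F]+),")

def decode_bind_failures(lines):
    """Pair each 'bind failed' line with the AD diagnostics line that follows it."""
    failures, pending = [], None
    for line in lines:
        bind, diag = BIND_RE.match(line), DIAG_RE.search(line)
        if bind:
            pending = {"time": bind.group(1), "ldap_code": int(bind.group(2)),
                       "ldap_name": bind.group(3), "ad_data": None, "win32": None,
                       "meaning": "no AD diagnostics logged"}
            failures.append(pending)
        elif diag and pending is not None:
            code = int(diag.group(1), 16)
            name, meaning = AD_BIND_SUBCODES.get(code, ("unknown", "sub-code not in table"))
            pending.update(ad_data=diag.group(1).lower(), win32=name, meaning=meaning)
            pending = None
    return failures

# The first four lines are quoted from this thread; the last two are constructed.
SAMPLE = [
    "2017-03-01 14:22:16.497 Error LDAP sync: bind failed with code 49 (invalidCredentials)",
    "2017-03-01 14:22:16.497 Info LDAP sync: LDAP server diagnostics message: 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1",
    "2017-08-29 12:54:59.785 Error LDAP sync: bind failed with code 49 (invalidCredentials)",
    "2017-08-29 12:54:59.785 Info LDAP sync: LDAP server diagnostics message: 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580",
    "2017-08-30 09:00:00.000 Error LDAP sync: bind failed with code 49 (invalidCredentials)",
    "2017-08-30 09:00:00.000 Info LDAP sync: LDAP server diagnostics message: 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 775, v2580",
]

if __name__ == "__main__":
    for f in decode_bind_failures(SAMPLE):
        print(f["time"], f["ldap_name"], f["ad_data"], f["win32"], "-", f["meaning"])
```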

 

Could you please tell me about the LDAP user name and password which we integrate with CMS: what are the minimum and maximum user rights to give it on the Active Directory end?