Can't seem to get the CMS 2.0 syncing with LDAP. CUCM is syncing fine with LDAP so I don't know where to look. Tried via the web GUI and API but still cannot sync. Any pointers where I'm going wrong?
Error I got from the CMS logs. I am certain I typed in the user and password correctly, as these were also the credentials I used in CUCM.
|2017-03-01||14:22:16.497||Error||LDAP sync: bind failed with code 49 (invalidCredentials)|
|2017-03-01||14:22:16.497||Info||LDAP sync: LDAP server diagnostics message: 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1|
|2017-03-01||14:22:16.497||Warning||LDAP sync operation failed|
Appears the username/password is incorrect, have you tried to retype the password and verified the username is correct?
Try using domain\username instead of the distinguished name.
Also, you should remove the literal space you have in the Space URI, this field will generate the URL for the user's space and shouldn't contain spaces.
Please use the format for username as email@example.com
Make sure your Base distinguished name is proper from a syntax perspective; maybe try with DC=root OU, DC=COM,DC=PH
Put the filter in closed bracket, username as $sAMAccountNamefirstname.lastname@example.org
Make sure your "IP Phone" parameter does not have any duplicate value in AD; if there is any duplicate value then it won't be allowed to work in CMS.
You can try to sync removing the secondary URI part.
Simply delete the AD configuration from CMS through whatever process you used to add them using, ie: web interface or API. Once you've removed the AD configuration, perform a sync and it will remove all user accounts and Spaces.
I have a slightly different issue. Apparently the AD is not clean and the ipPhone field has duplicates all over the place. (I have confirmed this after looking up the AD with an LDAP browser.) Also, all other extension fields like telephoneNumber are even worse, with spaces and duplicates.
Considering the AD management is beyond my control, is there a filter I can use which ignores and doesn't import the duplicates where it sees the value in ipPhone as being duplicate? Or can this product not be used at all?
Any input is welcome!
I don't think it's possible to omit duplicate entries and CMS doesn't support them as you've observed, either remove the duplicates or don't import the telephoneNumber/ipPhone.
I am importing these fields to auto-generate the "Space secondary URI user part" and "Space call ID".
I managed to filter only a select few users (very small subset, but without duplicates). Furthermore, in the user's spaces page there is an option to "add" them manually. None of the options are suitable to my issue, and for now I'm not very impressed.
I agree, it would be nice if CMS could disregard duplicate entries within AD, and not import those users. However, IMHO it really comes down to how you manage your Active Directory that is the issue. I have the same issue as you, however it's something that either has to be fixed within AD or simply don't import the field that contains duplicates.
Hi All, I am rather new to CMS and was wondering how to "not import a field that has duplicates within it"? I have a number of Doctors within AD and they have their telephoneNumber fields populated with their secretaries' numbers, so when searching from any Cisco phone it does not populate their actual number. Unfortunately this creates duplicates and as such CMS fails the AD Sync.
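An added example, not part of the original thread and not a CMS feature: a Python check to run over an LDIF export of the users matching the sync filter, listing which `ipPhone` or `telephoneNumber` values are shared by more than one entry before a sync is attempted. The LDIF sample is constructed, the function names are hypothetical, and comparing values with whitespace removed is an assumption that flags more than an exact match would.

```python
import base64
from collections import defaultdict

# Constructed sample: an LDIF export of the users the sync filter would match.
SAMPLE_LDIF = """\
dn: CN=Alice Example,OU=Staff,DC=example,DC=com
ipPhone: 1001
telephoneNumber: +1 555 0100

dn: CN=Bob Example,OU=Staff,DC=example,DC=com
ipPhone: 10 01
telephoneNumber: +1 555 0101

dn: CN=Carol Example,OU=Staff,DC=example,DC=com
ipPhone:: MTAwMg==
telephoneNumber: +1 555 0100
"""


def parse_ldif(text):
    """Yield one {attribute: [values]} dict per entry; handles folding and base64."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for block in unfolded.split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            if not line or line.startswith("#") or ":" not in line:
                continue
            name, _, rest = line.partition(":")
            if rest.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            else:
                value = rest.strip()
            entry[name.lower()].append(value)
        if entry:
            yield dict(entry)


def find_duplicates(text, attribute):
    """Map each value of `attribute` held by more than one entry to the DNs holding it.
    Assumption: whitespace is removed before comparing, so '10 01' collides with '1001'."""
    owners = defaultdict(list)
    for entry in parse_ldif(text):
        for raw in entry.get(attribute.lower(), []):
            key = "".join(raw.split())
            if key:
                owners[key].append(entry["dn"][0])
    return {k: v for k, v in owners.items() if len(v) > 1}
```

The resulting list of DNs shows which accounts would have to be corrected in AD or excluded by the sync filter.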
Try to use port 3268 (Global Catalog); if not, then use 389.
Also try the tool LDAP Admin and connect using the same service account.
You should be able to fetch the Base DN using that service account.
Then try back in CMS. It would work.
Please rate and mark answered if helpful.
I have very similar issues. Did you get this solved? If so, then paste your solution please.
"It appears my customer installed the Acano Manager without me knowing it earlier and put in LDAP configuration there and synced with the CMS solution. So there was LDAP configuration both in Webadmin and in the API from the AM and that caused the conflict in the LDAP sync. I removed the AM sync and deleted all API config on the CMS for LDAP as they did not want to use AM.
With that done and only have LDAP conf in the webadmin solved it..."
My CMS environment is having the same issue after upgrade to build version 2.1.10.
I have also tested and verified the AD service account has a valid user id and password. So, it is not an invalid user id or password issue. Opening a Service Record with Cisco TAC, if I cannot figure this out myself.
I get the following error messages:
2017-08-29 12:54:56.416 Warning LDAP sync operation failed
2017-08-29 12:54:59.677 Info 10.200.164.73: web user "sharifm" created new LDAP sync operation db396f61-b7ab-4768-82ae-7453bda006fb
2017-08-29 12:54:59.677 Info LDAP sync operation starting
2017-08-29 12:54:59.785 Error LDAP sync: bind failed with code 49 (invalidCredentials)
2017-08-29 12:54:59.785 Info LDAP sync: LDAP server diagnostics message: 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580
2017-08-29 12:54:59.785 Warning LDAP sync operation failed
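An added example, not part of the original thread: a small Python parser that pairs each `bind failed with code 49` line in the CMS logs quoted in the posts above with the Active Directory diagnostics line after it and decodes the `data` sub-code. The sub-code table lists the commonly documented AD values; the function and variable names are hypothetical.

```python
import re

# AD sub-codes carried in the "data NNN" field that accompanies LDAP result 49.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "logon failure: user name or password is incorrect",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must change password before logging on",
    "775": "account locked out",
}
BIND_RE = re.compile(r"bind failed with code (\d+) \((\w+)\)")
DIAG_RE = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+),")
TS_RE = re.compile(r"(\d{4}-\d{2}-\d{2})\D+(\d{2}:\d{2}:\d{2}\.\d{3})")

# Log lines copied from the two posts in this thread (both layouts).
SAMPLE = [
    "|2017-03-01||14:22:16.497||Error||LDAP sync: bind failed with code 49 (invalidCredentials)|",
    "|2017-03-01||14:22:16.497||Info||LDAP sync: LDAP server diagnostics message: 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1|",
    "2017-08-29 12:54:59.785 Error LDAP sync: bind failed with code 49 (invalidCredentials)",
    "2017-08-29 12:54:59.785 Info LDAP sync: LDAP server diagnostics message: 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580",
]


def explain_bind_failures(lines):
    """Pair each 'bind failed' line with the AD diagnostics line after it."""
    findings, pending = [], None
    for line in lines:
        ts = TS_RE.search(line)
        bind = BIND_RE.search(line)
        diag = DIAG_RE.search(line)
        if bind:
            pending = {"time": " ".join(ts.groups()) if ts else None,
                       "ldap_code": int(bind.group(1)), "ldap_name": bind.group(2),
                       "ad_subcode": None, "meaning": None}
            findings.append(pending)
        elif diag and pending is not None:
            sub = diag.group(1).lower()
            pending["ad_subcode"] = sub
            pending["meaning"] = AD_BIND_SUBCODES.get(sub, "unknown sub-code")
            pending = None
    return findings


if __name__ == "__main__":
    for finding in explain_bind_failures(SAMPLE):
        print(finding)
```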
Could you please tell me about the LDAP user name and password which we integrate with CMS: what are the minimum and maximum user rights to give it at the Active Directory end?