Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
653
Views
0
Helpful
4
Replies

TMS PE and OpenLDAP

Go to solution
Krzysztof Pieron
Level 1
Level 1

‎07-18-2013 05:37 AM - edited ‎03-18-2019 01:28 AM

Hello,

We have problem with authorization the Jabber's (Movi) users from LDAP database.

The synchronization between LDAP and TMS is working very well, but any user can't sign in - it's look like, the problem is with passwords.

When I changed the password manually in TMS, everything is ok.

Do You have any special scheme for LDAP and Provisioning users? Or maybe, we need to use any other encription for passwords then md5/clear?

Thanks,

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
aborodai
Level 1
Level 1

‎07-18-2013 06:25 AM

Hello Krzysztof,

Import form LDAP to the TMS is working fine, but it will create just accounts in TMS. Authentication happens on VCS and VCS can send authentication requests only to AD.

In your case you should create manually passwords for all users and send emails to them with credentials or connect TMS and VCS to the MS Active Directory.

Best Regards,

Artem Borodai

View solution in original post

0 Helpful

Go to solution
Martin Koch
VIP Alumni
VIP Alumni

‎07-18-2013 05:46 PM

Also LDAP can be used to authenticate users, have it running here with the legacy mode

and it might be possible to do the same with TMS PE.

On TMS PE the local authentication DB gets populated that could cause issues.

On the other hand TMS can not import passwords, ... I think the password handling

is really not the biggest strength of Jabber Video, ...

Anyhow, authentication can be done via a h350 directory, you would need to have

passwords in clear text which is not so great neither. Not sure if MD5 hashes could work as well.

So if you have full control over your users and cleartext passwords its possible to generate

one ldap tree for your users to get imported (the password does not matter here) by TMS and

one h350 for the VCS.

The other option is just to let TMS create a password and send this password to the user via the email function.

But you will not be able to syncrhonze the password from some other source.

Please remember to rate helpful responses and identify

View solution in original post

0 Helpful
4 Replies 4

Go to solution
aborodai
Level 1
Level 1

‎07-18-2013 06:25 AM

Hello Krzysztof,

Import form LDAP to the TMS is working fine, but it will create just accounts in TMS. Authentication happens on VCS and VCS can send authentication requests only to AD.

In your case you should create manually passwords for all users and send emails to them with credentials or connect TMS and VCS to the MS Active Directory.

Best Regards,

Artem Borodai

0 Helpful

Go to solution
Krzysztof Pieron
Level 1
Level 1
In response to aborodai

‎07-18-2013 07:07 AM

Artem,

Thank You so much for your response.

It's impossible to manually change/create passwords, AD also. Any other idea? ;-)

0 Helpful

Go to solution
aborodai
Level 1
Level 1
In response to Krzysztof Pieron

‎07-18-2013 07:14 AM

Then you can go to the Administrative tools-Configuration-Provisioning Extension settings and enable Password Generation.

Passwords will be automatically generated for imported users.

Best Regards,

Artem Borodai

0 Helpful

Go to solution
Martin Koch
VIP Alumni
VIP Alumni

‎07-18-2013 05:46 PM

Also LDAP can be used to authenticate users, have it running here with the legacy mode

and it might be possible to do the same with TMS PE.

On TMS PE the local authentication DB gets populated that could cause issues.

On the other hand TMS can not import passwords, ... I think the password handling

is really not the biggest strength of Jabber Video, ...

Anyhow, authentication can be done via a h350 directory, you would need to have

passwords in clear text which is not so great neither. Not sure if MD5 hashes could work as well.

So if you have full control over your users and cleartext passwords its possible to generate

one ldap tree for your users to get imported (the password does not matter here) by TMS and

one h350 for the VCS.

The other option is just to let TMS create a password and send this password to the user via the email function.

But you will not be able to syncrhonze the password from some other source.

Please remember to rate helpful responses and identify

0 Helpful
Customers Also Viewed These Support Documents