Adding Additional OU to CUCM and CUPS causing Jabber login failures

timmy8ken1
Level 1

Hello,

I am in the process of migrating users to a new OU structure in our Active Directory. Initial testing has caused Jabber clients to no longer log in when a user is moved to the new OU, giving a "Your username or password is not correct" message in the Jabber client.

I have successfully added the new OU structure to the CUCM (System Version 8.6.2.25900-8), and when I run a full sync of the new LDAP directory the users in the new OU are updating details within CUCM. For example, if I change the details of a test user in Active Directory then the details will update correctly in the End User Configuration screen of CUCM. The phone handsets are all working correctly and logins there happen on them with no problem.

On the Cisco Unified Presence (System Version 8.6.5.15900-3) Admin site I have added the new OU to 'Application' > 'Cisco Jabber' > 'LDAP Profile'. I have then assigned the new LDAP Profile in the 'Cisco Jabber User Settings'.

I can see via the tomcat security logs from the CUPS server that every login attempt still queries the old OU (OU=Accounts,DC=domain,DC=forest,DC=int):

2016-05-17 11:32:49,792 DEBUG [http-8443-10] impl.AuthenticationLDAP - searchUserDn: performing search with userBase=OU=Accounts,DC=domain,DC=forest,DC=int, filter=(&(objectClass=user)(sAMAccountName=taitken)), constraints=javax.naming.directory.SearchControls@f56c1
2016-05-17 11:32:49,795 DEBUG [http-8443-10] impl.AuthenticationLDAP - searchUserDn: userEnum=com.sun.jndi.ldap.LdapSearchEnumeration@108c718
2016-05-17 11:32:49,795 DEBUG [http-8443-10] impl.AuthenticationLDAP - searchUserDn: connectionTryCount=0, MAX_TRIES=3
2016-05-17 11:32:49,795 DEBUG [http-8443-10] impl.AuthenticationLDAP - searchUserDn: userEnum = com.sun.jndi.ldap.LdapSearchEnumeration@108c718
2016-05-17 11:32:49,796 DEBUG [http-8443-10] impl.AuthenticationLDAP - searchUserDn: Search returns null or empty Enum for user taitken

If I move my user back to the original OU, then the login is successful:

2016-05-17 11:31:45,153 DEBUG [http-8443-10] impl.AuthenticationLDAP - searchUserDn: performing search with userBase=OU=Accounts,DC=domain,DC=forest,DC=int, filter=(&(objectClass=user)(sAMAccountName=taitken)), constraints=javax.naming.directory.SearchControls@e14094
2016-05-17 11:31:45,155 DEBUG [http-8443-10] impl.AuthenticationLDAP - searchUserDn: userEnum=com.sun.jndi.ldap.LdapSearchEnumeration@2731e3
2016-05-17 11:31:45,155 DEBUG [http-8443-10] impl.AuthenticationLDAP - searchUserDn: connectionTryCount=1, MAX_TRIES=3
2016-05-17 11:31:45,155 DEBUG [http-8443-10] impl.AuthenticationLDAP - searchUserDn: userEnum = com.sun.jndi.ldap.LdapSearchEnumeration@2731e3
2016-05-17 11:31:45,156 DEBUG [http-8443-10] impl.AuthenticationLDAP - searchUserDn: userEntry = CN=Aitken\, Tim,OU=XP Desktop Users,OU=Corporate: null:null:{distinguishedname=distinguishedName: CN=Aitken\, Tim,OU=XP Desktop Users,OU=Corporate,OU=Accounts,DC=domain,DC=forest,DC=int}
2016-05-17 11:31:45,156 DEBUG [http-8443-10] impl.AuthenticationLDAP - searchUserDn: userEntry is relative.

Any help with this problem would be greatly appreciated.

Regards,


Tim

4 Replies

Jaime Valencia
Cisco Employee

OK, the user is not being duplicated here, right??

Just one user within those OUs has that userID you're using.

HTH

java

if this helps, please rate

Hi Jaime,

No duplicates, if my user account is in the 'Accounts' OU I can log in to Jabber, if it is in the new OU I can't.

Tim

Have you tried restarting the LDAP service after you move the users?

HTH

java

if this helps, please rate

I have just restarted the Cisco UP Sync Agent on the CUPS server, and the same problem occurs. I have checked the logs again and it is just as I have added to the original post.

2016-05-24 17:02:28,904 DEBUG [http-8443-1] impl.AuthenticationLDAP - searchUserDn: performing search with userBase=OU=Accounts,DC=domain,DC=forest,DC=int, filter=(&(objectClass=user)(sAMAccountName=taitken)), constraints=javax.naming.directory.SearchControls@154f1e
2016-05-24 17:02:28,907 DEBUG [http-8443-1] impl.AuthenticationLDAP - searchUserDn: userEnum=com.sun.jndi.ldap.LdapSearchEnumeration@7ddbe0
2016-05-24 17:02:28,908 DEBUG [http-8443-1] impl.AuthenticationLDAP - searchUserDn: connectionTryCount=0, MAX_TRIES=3
2016-05-24 17:02:28,908 DEBUG [http-8443-1] impl.AuthenticationLDAP - searchUserDn: userEnum = com.sun.jndi.ldap.LdapSearchEnumeration@7ddbe0
2016-05-24 17:02:28,908 DEBUG [http-8443-1] impl.AuthenticationLDAP - searchUserDn: Search returns null or empty Enum for user taitken

Is there another service that I should be looking at restarting?

Tim
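
An added example, not part of the thread and not Cisco tooling: a small Python parser for the `impl.AuthenticationLDAP` debug lines quoted in the posts above. It pairs each `searchUserDn` search with the outcome logged on the same thread and reports which `userBase` was actually queried. The function names and the pairing-by-thread-name approach are assumptions; the sample lines are copied from the posts above.

```python
import re
from collections import Counter

# Sample lines copied from the log excerpts posted in the thread above.
SAMPLE = r"""
2016-05-17 11:31:45,153 DEBUG [http-8443-10] impl.AuthenticationLDAP - searchUserDn: performing search with userBase=OU=Accounts,DC=domain,DC=forest,DC=int, filter=(&(objectClass=user)(sAMAccountName=taitken)), constraints=javax.naming.directory.SearchControls@e14094
2016-05-17 11:31:45,156 DEBUG [http-8443-10] impl.AuthenticationLDAP - searchUserDn: userEntry = CN=Aitken\, Tim,OU=XP Desktop Users,OU=Corporate: null:null:{distinguishedname=distinguishedName: CN=Aitken\, Tim,OU=XP Desktop Users,OU=Corporate,OU=Accounts,DC=domain,DC=forest,DC=int}
2016-05-17 11:32:49,792 DEBUG [http-8443-10] impl.AuthenticationLDAP - searchUserDn: performing search with userBase=OU=Accounts,DC=domain,DC=forest,DC=int, filter=(&(objectClass=user)(sAMAccountName=taitken)), constraints=javax.naming.directory.SearchControls@f56c1
2016-05-17 11:32:49,796 DEBUG [http-8443-10] impl.AuthenticationLDAP - searchUserDn: Search returns null or empty Enum for user taitken
"""

LINE = re.compile(r"^(?P<ts>\S+ \S+) \w+ +\[(?P<thread>[^\]]+)\] impl\.AuthenticationLDAP - searchUserDn: (?P<msg>.*)$")
SEARCH = re.compile(r"performing search with userBase=(?P<base>.+?), filter=.*?sAMAccountName=(?P<user>[^)]+)\)")
EMPTY = re.compile(r"Search returns null or empty Enum for user (?P<user>\S+)")
FOUND = re.compile(r"userEntry = ")  # does not match the later "userEntry is relative." line


def summarize(log_text):
    """Pair each 'performing search' line with the outcome logged on the same thread."""
    pending = {}   # thread name -> search still awaiting an outcome
    results = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        thread, msg = m["thread"], m["msg"]
        s = SEARCH.search(msg)
        if s:
            pending[thread] = {"ts": m["ts"], "user": s["user"], "base": s["base"]}
        elif thread in pending and (EMPTY.search(msg) or FOUND.match(msg)):
            rec = pending.pop(thread)
            rec["found"] = bool(FOUND.match(msg))
            results.append(rec)
    return results


def failing_bases(results):
    """Count empty searches per search base, i.e. bases the user was not found under."""
    return Counter(r["base"] for r in results if not r["found"])


if __name__ == "__main__":
    for r in summarize(SAMPLE):
        print(r["ts"], r["user"], r["base"], "found" if r["found"] else "NOT FOUND")
```

Run over a full log, a `userBase` that keeps appearing in `failing_bases` after a profile change shows the authentication path is still using the old search base rather than the newly configured one.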