11-05-2016 08:25 AM - edited 03-19-2019 11:47 AM
Dear,
I have CUPS 8.6 and CUCM 8.6 and LDAP 2012.
I integrated CUCM with CUP and integrated ADDS 2012 with CUCM for LDAP authentication.
The problem is that everything works fine until I set "Log On To" on a user in ADDS; no Jabber user (Android, iOS, Windows) can log in after I set "Log On To".
I appreciate if you could help me with that.
11-05-2016 10:34 AM
This seems to be expected behavior to me. You have told AD that the user can only bind from certain computer objects. When CUCM wants to authenticate a user it attempts an LDAP bind against the defined DC(s) as that user. You can see this happen by configuring the LDAP Authentication on a non-secure port such as 389 or 3268 and taking a packet capture.
Similar Google search result: https://serverfault.com/questions/703164/how-to-work-around-a-logon-workstations-restriction-to-the-domain-controller-s/703219
If none of the suggestions out there work, you could look at SAML SSO as an alternative. In that design CUCM no longer does an LDAP bind as the user for any UI that supports SSO.
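Added example, not part of the original reply: a small Python helper for reading the diagnostic text of a failed bind response once it has been pulled out of such a capture. It assumes the DC returns the usual "AcceptSecurityContext error, data NNN" string, where sub-code 531 is the Windows code for a workstation ("Log On To") restriction; the DNs, DSID and trailing version values in the sample are constructed.

```python
import re

# Windows logon sub-codes that AD puts (in hex) in the "data" field of a failed bind.
AD_BIND_SUBCODES = {
    0x525: "user not found",
    0x52E: "invalid credentials (bad password)",
    0x530: "not permitted to log on at this time",
    0x531: "not permitted to log on at this workstation (Log On To restriction)",
    0x532: "password expired",
    0x533: "account disabled",
    0x701: "account expired",
    0x773: "user must reset password",
    0x775: "account locked out",
}

_DIAG = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)")


def classify_bind_failure(diagnostic_message):
    """Return (sub_code, meaning) for one bindResponse diagnostic string."""
    match = _DIAG.search(diagnostic_message or "")
    if not match:
        return None, "no AD sub-code present"
    code = int(match.group(1), 16)
    return code, AD_BIND_SUBCODES.get(code, "unrecognised sub-code")


def workstation_restricted(failures):
    """Return the bind DNs that were rejected because of a workstation restriction."""
    return [dn for dn, msg in failures if classify_bind_failure(msg)[0] == 0x531]


# Constructed sample: (bind DN, diagnostic message) pairs as they might be
# copied out of a capture of the CUCM-to-DC LDAP traffic.
SAMPLE_FAILURES = [
    ("CN=jabber1,OU=Staff,DC=example,DC=com",
     "80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 531, v2580"),
    ("CN=jabber2,OU=Staff,DC=example,DC=com",
     "80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v2580"),
    ("CN=jabber3,OU=Staff,DC=example,DC=com", ""),
]

if __name__ == "__main__":
    for dn, msg in SAMPLE_FAILURES:
        code, meaning = classify_bind_failure(msg)
        shown = "-" if code is None else format(code, "x")
        print(f"{dn}: data {shown} -> {meaning}")
```

A bind that fails with data 531 while the same password works from an allowed workstation points at the "Log On To" list rather than at the CUCM LDAP configuration.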
11-06-2016 11:39 PM
Thanks,
Is there any way that I can join CUCM to the domain and put its workstation in the "Log On To" workstation list in ADDS? It would help with the problem, because the same problem happened for ACS, and when I set the ACS computer account in the user's "Log On To" attribute in ADDS, everything worked correctly.
Dear,
11-07-2016 10:45 AM
Nope. CUCM cannot be AD-joined.
11-05-2016 10:39 AM
AFAIK you need the latest SU on 9.1(2) to support LDAP 2012; 8.6 does not support that version.