Jabber Password Sync with LDAP

phonehome · ‎08-20-2021

Hi all. We are using CUCM 11.5.1, integrated with AD using LDAP. We are seeing a problem when users change their Windows password. Usually, when a user changes their password, it syncs up with Jabber within minutes. But other times, Jabber will not sync it at all. Even after entering the new password manually in Jabber account settings, we still see failed authentications. This doesn't seem to cause any issues for the end user, but our monitoring software doesn't like it. When this happens, sometimes we will see thousands of failed authentication attempts between the Jabber server and the endpoint before the passwords sync up. Why does this happen?

Thanks

Elliot Dierksen · ‎08-21-2021

This is just a guess, but most likely because the DC they used to change the password isn't the DC that CUCM uses for LDAP authentication. It takes a while for that change to propagate from the DC where it was changed to the one CUCM is using for LDAP authentication.

Adam Pawlowski · ‎08-23-2021

^^ or with infrastructure using LDAP and not tokens, Jabber is attempting to authenticate to services with the user's credential that was supplied on sign in, and hasn't prompted the user yet to sign in again.