
LDAP authentication issue in Cisco Prime Collaboration Assurance 11.0

marahman78
Level 1

I have a Cisco Prime Collaboration Assurance version 11.0 and added the LDAP successfully. When I perform a test connection, it tells me the connection to the LDAP server is successful. Then I added the users from user management using the same user name as the user account on the LDAP and checked the LDAP user check box. But when the user tries to log in to the CPCA using his LDAP account, an error message appears saying that either the username or password is incorrect. I even tried both "sAMAccountName" and "CN" to log in to the CPCA, but it still shows the same error.


Manish Gogna
Cisco Employee

Hi,

Couple of things to check:

1. Is there any space in the user name?

2. Is the correct user search space configured and being used for ldap?

Manish

Hi,

1. Is there any space in the user name?

    Are you asking about a space in "sAMAccountName" or "CN"?

2. Is the correct user search space configured and being used for ldap?

    Yes, I am using the same LDAP User Search Base which we used in CUCM Integration with LDAP. For example: (OU=XXXX( CEO ),DC=ABC,DC=AA,DC=COM)

Muhammad

Hi Muhammad,

I was referring to the space in the username that is being used to login into PCA.

Manish

Hi Manish,

No, there is no space. Shall we use "sAMAccountName" or "CN" for the username? Shall we log in to PCA using <domainname>\username?

Muhammad

Hi Muhammad,

For first-time login, please use the default username "globaladmin".

Prime Collaboration is preconfigured with a default web client administrator user called globaladmin; globaladmin is a superuser who can access both the Prime Collaboration Assurance and Prime Collaboration Provisioning UIs.

Specify a password for globaladmin when you configure your virtual appliance (for either stand-alone products or converged application). You need to use these credentials when you launch the Prime Collaboration web client for the first time.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/collaboration/10-0/assurance/advanced/guide/Cisco_Prime_Collaboration_Assurance_Guide_Advanced_10/bk_assurance_guide_advanced_chapter_0100.html

Manish

Hi Manish,

I have already done that, but my question is about what happens after LDAP integration has been done. When I try to log in with an LDAP user, should I use "sAMAccountName" or "CN" for LDAP authentication? Shall I log in to PCA using <domainname>\username for LDAP authentication?

Hi,

Prime has a very typical password requirement. Please make sure the LDAP password meets the following requirements:

• Must contain at least one lowercase letter, uppercase letter, number, and special character (exclamation(!), at(@), hash(#), dollar($), asterisk(*), comma(,), full stop(.))

• Cannot repeat a character in the password more than three times.

• Cannot contain non-ASCII characters such as minus(-), percent(%), plus(+), ampersand(&), or a space.

• Cannot be Cisco or ocsic or any variant by changing the capitalization of letters, or by substituting 1, exclamation(!), or pipe(|) for i, zero(0) for o, dollar($) for s.

• Cannot be the same as the username, or the username reversed.

• Must be between 8 and 80 characters.

• Cannot end with colon(:), asterisk(*), comma(,), semicolon(;) or hash(#)

-Deepti

Hello Support Team,

I have the same problem here: the LDAP Configuration Test is successful, I did a complete reboot of the VM after that, and users are added with "LDAP" checked.

But when I try to log in it is not working, and even more: my Wireshark sees no packet going to my LDAP server, so no matter what username and password I type in, it is not even trying to authenticate against LDAP.

For what it's worth, I was having the same issue and the TAC engineer had me move the Auth user closer (higher in the tree) to the Searchbase. PCA LDAP does not work as well as CUCM LDAP yet. I am sure the developers are working on improving it, but until then, experiment with some form of the below.

Example

Admin DN:

CN=adminauth,OU=Users,DC=Cisco,DC=com (Higher OU than users)

Searchbase:

DC=Cisco,DC=com

Users I want to log in:

OU=DEPT,OU=Users,DC=Cisco,DC=com

Oh, thank you, the solution from Michael Johnson solved it for me.

Marahman,

If you have integrated PCA with an LDAP server, you should only need the sAMAccountName to log in. A great quick verifier is to log in with the Admin Account you assigned PCA. If this account can log in, then you can confirm a valid configuration and may need to investigate why your users can't log in. You may need to add these users to the User management section of PCA.

Please remember that as a best practice, try to provide PCA an LDAP account that is close to the Domain root. This will allow for more user accounts to log in using LDAP Credentials. It should also be noted that PCA does not work well with parent and child Domain accounts.
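The Searchbase and Admin DN placement discussed in this thread can be checked offline before touching the PCA configuration. The following is an added example, not Cisco code and not from any poster: it parses distinguished names and reports whether each one falls inside the search base subtree and how many levels below it sits. The `jdoe` user DN is constructed for illustration; the other DNs are the ones quoted in the thread.

```python
def split_dn(dn):
    """Split a DN into (attribute, value) pairs, keeping backslash-escaped commas."""
    parts, buf, escaped = [], "", False
    for ch in dn:
        if ch == "," and not escaped:
            parts.append(buf)
            buf = ""
        else:
            buf += ch
        escaped = (ch == "\\") and not escaped
    parts.append(buf)
    rdns = []
    for part in parts:
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN: {part!r}")
        # Simplification: case-insensitive compare, multi-valued (+) RDNs not split.
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns


def levels_below(entry_dn, base_dn):
    """RDN levels between entry and base, or None if entry is outside the base subtree."""
    entry, base = split_dn(entry_dn), split_dn(base_dn)
    if len(entry) < len(base) or entry[len(entry) - len(base):] != base:
        return None
    return len(entry) - len(base)


def review(search_base, labelled_dns):
    """Map each label to a short finding relative to the search base."""
    report = {}
    for label, dn in labelled_dns.items():
        depth = levels_below(dn, search_base)
        report[label] = ("outside search base" if depth is None
                         else f"{depth} level(s) below search base")
    return report


# DNs quoted in the thread, plus one constructed user entry (jdoe).
DNS = {
    "admin": "CN=adminauth,OU=Users,DC=Cisco,DC=com",
    "user": "CN=jdoe,OU=DEPT,OU=Users,DC=Cisco,DC=com",
}

if __name__ == "__main__":
    for base in ("DC=Cisco,DC=com", "OU=DEPT,OU=Users,DC=Cisco,DC=com"):
        print(base, review(base, DNS))
```

An entry reported as outside the search base cannot be returned by a subtree search rooted at that base, which is a quick thing to rule out before looking at the application itself.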