Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1280
Views
0
Helpful
4
Replies

CUCM 9 + CUPS 8.X + Jabber 9 Mac

jeancoelho
Level 1
Level 1

‎10-18-2013 11:45 AM - edited ‎03-19-2019 07:25 AM

Hi!

I am trying to deploy Jabber for Mac and Ipads (version 9), and everithing is ok, the problem is the Software Phone, always in "Disconected" state, if i use Jabber for Mac 8.X, it works.. the client register to my jabber software phone and my deskphone, by the way, only deskphone works in Jabber 9 for Mac and iPad, i revised all the configuration files in cucm and cups.. any help?

Thank You!

Labels:
0 Helpful
4 Replies 4

jeancoelho
Level 1
Level 1

‎10-18-2013 11:49 AM

My configurations of BDI options in jabber-config.xml:

  EDI

  1

  true

  sAMAccountName

  http://img.domain.net/sAMAccountName.jpg

  BDI

  AD

  ad01.domain.net

  3268

  admuser@domain.net

  password

  DC=domain,DC=net

  True

  sAMAccountName

  http://img.domain.net/sAMAccountName.jpg

  userPrincipalName (testing)

  userPrincipalName (testing)

My mail address at AD is: @fullnamedomain.net

My mail address at Jabber is: @domain.net

0 Helpful

mduling
Level 1
Level 1
In response to jeancoelho

‎10-22-2013 02:40 PM

Ok I figured out what is going on as far as SSL directory searches of AD, though there are aspects I still don't understand.  In one of the docs for Jabber v9.2.1 it says that you can't use the global catalog with a Mac.  So why the Mac client defaults to 3268 is beyond me.  But I also can't use BDIServerPort1=636 and BDIEnableTLS=1 or 0.  But I can use 389 and TLS=1 and I can see using wireshark that it is encrpting the the directory query to AD.

389

1

That works.  Apparently 389+TLS and LDAPS aren't the same thing.  The ipad document here distinguishes between "LDAP TCP 389 LDAP with optional TLS" and "Secure LDAP 636 LDAPS". Sounds similar to SFTP vs FTPS.

Ports and Protocols Used in Cisco Jabber for iPad  http://www.cisco.com/en/US/prod/collateral/voicesw/ps6789/ps6836/ps12430/deployment_guide_c22-718393.html

See here too:

http://www.openldap.org/faq/data/cache/605.html

Still, I don't know why Mac Jabber won't use port 636 in any form for me.  Only 389.  The full xml file is here:

   

        BDI

        AD

        1.1.1.1

        mycompany.com

        389

        ou=My Users,dc=ad,dc=mycompany,dc=com

        uc_query@ad.mycompany.com

        my_password

        1

        (&(objectCategory=person) (this is the default value; use your own)

   

0 Helpful

mduling
Level 1
Level 1
In response to mduling

‎10-22-2013 05:30 PM

Update: I swear it was encrypting the directory search with SSL over port 389 but I can't duplicate that.  I'll work with Cisco on ldaps on 636.  But the xml file above does work for me without SSL on 389.

Also, the docs say "Cisco Jabber for Mac does not support port 3269 (Active Directory Global Catalog over LDAPS)", not Global Catalog generally.  It may not work for me over 3268 because of our AD setup.  I'm not an AD guy and another group manages that.

0 Helpful

mduling
Level 1
Level 1
In response to mduling

‎10-29-2013 05:14 PM

Ok, the problem was that BDIEnableTLS needs to be 'True' and not '1'.  So it seems StartTLS (as an extended operation) works over port 389 on the Mac Jabber client and the plain SSL method doesn't.  I see the Windows version has a 'UseSSL' parameter but the Mac one doesn't so maybe that is just the way the Mac client works at this point.


0 Helpful
Customers Also Viewed These Support Documents