
Jabber 11.7 LDAP using ssl 3269

bhough
Level 5

the new requirements for jabber 11.7 seem to be requiring ssl 636/3269?

now requiring AD DC certs with server auth enabled, ssl enabled ldap to be uploaded to all of cucm and im&presence.

is there a way to keep using ldap on 3628?

are people using ldap on domain controllers or ldap as a standalone?

saw note on Microsoft to Not have CA on domain controllers?

b

6 Replies

Varundeep Chhatwal
Cisco Employee

Please share the doc you are referring to. AFAIK Jabber 11.7 can work with 3268 as well.

Refer to the link below on port usage.

http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/jabber/11_7/cjab_b_planning-guide-jabber-117/cjab_b_planning-guide-jabber-117_chapter_01.html#CJAB_RF_P3A082A9_00

Directory Integration—For LDAP contact resolution one of the following ports are used based on LDAP configuration.

| Port | Protocol | Transport | Description |
|------|----------|-----------|-------------|
| 389 | LDAP | TCP | LDAP TCP (UDP) Connects to an LDAP directory service. |
| 3268 | LDAP | TCP | Connects to a Global Catalog server for contact searches. |
| 636 | LDAPS | TCP | LDAPS TCP Connects securely to an LDAP directory service. |
| 3269 | LDAPS | TCP | LDAPS TCP Connects securely to the Global Catalog server. |

Jaime Valencia
Cisco Employee

Yes, that's the new default, you can simply adjust your jabber-config.xml to disable SSL, the 11.7 parameter reference guide has all this info.

HTH

java

if this helps, please rate

first get this...

***********

According to the release notes here:

http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/jabber/Android/11_7/RN/jaba_b_release-notes-for-android-117.html

Secure LDAP Password—Jabber no longer supports common account LDAP credentials that are configured in the device profile. Instead, LDAP credentials can be configured in the Cisco Unified Communications Manager service profile or in the jabber-config.xml file using the directory integration parameters. With this release, a more secure way to configure common account LDAP credentials is to reuse the existing credentials that Jabber uses when connecting to other services, such as Cisco Unified Communications Manager.

Users can also manually enter their own authentication using a new option in Jabber. This option is only available to users if you do not configure alternate authentication methods such as using the service profile or configuring the LDAP_UseCredentialsFrom parameter.

For more information about configuring LDAP authentication, see the section on Authentication Options in the On-Premises Deployment for Cisco Jabber.

For information about the new LDAP_UseCredentialsFrom, LdapUserDomain, and UseAnonymousBinding parameters, see the Parameters Reference Guide.

This is required over port 389, for TLS.

This should get you up and running.

*************

then get this...

##########

Per the guide there are 2 issues here:

1) Jabber no longer supports common account LDAP credentials that are configured in the device profile.

   1. Your config file does indicate to use existing credentials, but you have conflicting statements for DirectoryServerType.

2) If you’re going to be using a global catalog server, you’ll need to use the secure port, 3269.

@@@@@@@@

so get headed down a different rabbit hole. anywho, I got it to work. will post my xml settings later. b

My MAC and iOS 11.7 clients are not happy. What did you finally end up doing to get this to work?

hey chris,

i have attached the sections of the jabber-config.xml that have this working for my mac and ios clients.

also screen shot of service profile of user, showing the directory settings, not being used.

believe the ldapgetcredsfrom setting, using CUCM, is what has fixed this so they don't have to be in the xml.

i have not been able to test my prod jabber android, due to change freeze, but will post that later after testing.

*note we also are not using ssl 3269.

hope this helps you too,

b
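
Added example, not part of the thread and not Cisco's code: a small Python check for the two configuration problems quoted above (conflicting DirectoryServerType entries, and whether a configured LDAP port is a cleartext or TLS one per the planning-guide table). The sample XML is constructed, `ExamplePort` is a placeholder element name, and matching any tag that contains "port" is an assumption about how port settings are named.

```python
import xml.etree.ElementTree as ET

# Port roles as listed in the planning-guide table quoted in this thread:
# value -> (role, uses TLS)
PORTS = {
    "389": ("LDAP", False),
    "3268": ("Global Catalog", False),
    "636": ("LDAPS", True),
    "3269": ("Global Catalog over LDAPS", True),
}


def lint_jabber_config(xml_text):
    """Return a list of findings for the directory settings in xml_text."""
    root = ET.fromstring(xml_text)
    findings = []

    # 1) DirectoryServerType stated more than once with different values.
    types = [(e.text or "").strip() for e in root.iter("DirectoryServerType")]
    if len(set(types)) > 1:
        findings.append(
            "conflicting DirectoryServerType values: " + ", ".join(types)
        )

    # 2) Report every port setting that points at a known LDAP port, and
    #    whether that port is cleartext or TLS. Tag matching is an assumption.
    for e in root.iter():
        value = (e.text or "").strip()
        if "port" in e.tag.lower() and value in PORTS:
            role, secure = PORTS[value]
            state = "TLS" if secure else "cleartext"
            findings.append(f"{e.tag}={value}: {role}, {state}")
    return findings


# Constructed sample input; ExamplePort is a placeholder element name.
SAMPLE = """<config version="1.0">
  <Directory>
    <DirectoryServerType>EDI</DirectoryServerType>
    <DirectoryServerType>BDI</DirectoryServerType>
    <ExamplePort>3268</ExamplePort>
  </Directory>
</config>"""

if __name__ == "__main__":
    for finding in lint_jabber_config(SAMPLE):
        print(finding)
```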