I have a Cisco Prime Collaboration Assurance version 11.0 and added the LDAP successfully. When I perform test connection it gives me the connection is successful with the LDAP server, then I added the users from user management using the same user name as per the user account on the LDAP and check the LDAP user check box. But when the user try to login to the CPCA using his LDAP account an error message appear telling that either the username or password is incorrect.Even i tried both "sAMAccountName" & "CN" to login to the CPCA, but still showing the same error.
1. Is there any space in the user name?
You are asking about "sAMAccountName" or "CN" space?
2. Is the correct user search space configured and being used for ldap?
Yes, i am using the same LDAP User Search Base which we used in CUCM Integration with LDAP. For Example: (OU=XXXX( CEO ),DC=ABC,DC=AA,DC=COM)
No, there is no space. Shall we use "sAMAccountName" or "CN" for username. Shall we login into PCA using <domainname>\username ?
For first time login please use the default username "globaladmin" ,
Prime Collaboration is preconfigured with a default web client administrator user called globaladmin; globaladmin is a superuser who can access both the Prime Collaboration Assurance and Prime Collaboration Provisioning UIs.
Specify a password for globaladmin when you configure your virtual appliance (for either stand-alone products or converged application. You need to use these credentials when you launch the Prime Collaboration web client for the first time.
I already done that but my question is after LDAP integration has been done. When I try to login with LDAP user, Should I use "sAMAccountName" or "CN" for LDAP authentication. Shall I login into PCA using <domainname>\username for LDAP authentication.
Prime has a very typical password requirement. Please make sure the LDAP password meets the following requirements:
• Must contain at least one lowercase letter, uppercase letter, number, and special character (exclamation(!), at(@), hash(#), dollar($), asterisk(*), coma(,), full stop(.))
• Cannot repeat a character in the password more than three times.
• Cannot contain non-ASCII characters such as minus(-), percent(%), plus(+), ampersand(&) , or a space.
• Cannot be Cisco or ocsic or any variant by changing the capitalization of letters, or by substituting 1, exclamation(!), Or pipe(|) for i, zero(0) for o, dollar($) for s.
• Cannot be the same as the username, or the username reversed.
• Must be between 8 and 80 characters.
• Cannot end with colon(:), asterisk(*), coma(,), semicolon(;) or hash(#)
Hello Support Team,
i have the same problem here: LDAP Configuration Test is successful, i did a complete reboot of the VM after that, users are added with "LDAP" checked.
but when i try to log in it is not working, and even more: my wireshark sees no packet going to my LDAP Server, so no matter what username and password i type in it is not even trying to authenticate against ldap.
For what its worth I was having the same Issue and the TAC engineer had me move the Auth user closer(higher in the tree) to the Searchbase. PCA LDAP does not work as well as CUCM LDAP yet. I am sure the developers are working on improving it but until then, experiment with some form of the below.
CN=adminauth,OU=Users,DC=Cisco,DC=com (Higher OU than users)
Users i want to login:
If you have integrated PCA with an LDAP server, you should only need the sAMAccountName to log in. A great quick verifier is to log in with the Admin Account you assigned PCA. If this account can log in, then you can confirm a valid configuration and may need to investigate why your user's can't log in. You may need to add these users to the User management section of PCA.
Please remember that as a best practice, try to provide PCA an LDAP account that is close to the Domain root. This will allow for more user accounts to log in using LDAP Credentials. It should also be noted that PCA does not work well with parent and child Domain accounts.