
LDAP authentication fails in UPM, but works on CUCM

luis.rosello
Level 1

FYI, I ran into an issue configuring devices in UPM, specifically LDAP. I configured the optional section for LDAP, and the Test Access button fails. Checked all settings, tried different settings, but no change. I decided to try the LDAP configuration in CUCM, and that worked first try.


sbommaji
Level 1

Luis,

Did you check the spaces, commas, etc. on UPM? Also, please save the config on UPM and see what the corresponding page on the Native GUI shows. You may be able to spot the difference. In any case, please let me know if your issue is resolved.

-Sunil

+1 occurrence. LDAP in CUPM fails to communicate, however from CUCM and CUC directly with the same settings/queries copied and pasted it works.

Beyond that, the first attempt to configure LDAP and run the test seems to clear out the settings and not actually test it until the second entry and test attempt.

Outside of CUPM attempting to utilize LDAP directly from CUCM, had an issue with trying to apply a filter to find/query specific users of any particular detail. Ended up deleting the broad LDAP Directory configuration and recreated it without applying a filter but with the query parameter directly on the configuration. Though this essentially makes the LDAP Custom Filters completely pointless. Anyone else run into custom filter issues, or maybe I missed something in the process?

Thanks,

DJ

Aaron,

Can you please add a screenshot?

Thanks,

Sunil

I have tried multiple different settings and they all complain about credentials but the credentials that worked on CUCM and CUC did not want to work on CUPM. Above is just a snapshot showing the error with one of the tests.

Distinguished name used was CUPM27 and CUPM27@mkt-trl.local and variations of Search Base from specific user, OU, or general DC only. None of the settings would work through the CUPM.

This is attempting to connect to an SBS2011 Standard server stood up just for this market trial. No other configurations inhibiting, fresh install on defaults for the most part with only a couple added roles.

--

For LDAP Filter issue in CUCM:

First created LDAP Directory without the OU=OPS statement and created an OU=OPS Filter:

and users could not be found. Attempted adding a filter matching the exact statement and still nothing. Removed the filter and found all users in the DC. Added filter back and users show inactive. Removed filter and added OU=OPS filter and all users inactive. Deleted the LDAP directory entirely and recreated with the DCs and the OU=OPS without a filter (as shown in first LDAP image) and finding users shows all other users inactive but the OPS users active as wanted. Created a second directory entry with the DCs + OU=EXEC and it activated the proper EXEC users with the OPS users still showing active and with the rest still inactive. Deleted out the inactive users and now is selecting those I wanted to but would like to be able to apply a filter instead.

Hopefully it is something obvious that someone can tell me so I can use the filters as intended.

DJ,

Thank you for the screenshots. Engineering is currently looking into your issue. I will keep you posted.

-Sunil

Update for anyone else trying to do similar things I was with LDAP. Able to get up and running but not in the way I was originally intending. LDAP queries from CUCM, etc. only query the listed fields and nothing more. I was hoping to add users by members of groups or OUs as a filter. The only filters you can apply are those matching the DB fields queried.

Basic use expected for us is to have users in AD populated with an extension/number in the "telephoneNumber" or "ipPhone" and only those users in the specified directory of CN or OU with a matching value will be added in.

So in perhaps an easier to follow description: you can only create a filter per the fields listed below in the "User Fields To Be Synchronized":

| Cisco Unified Communications Manager User Fields | LDAP User Fields |
|---|---|
| User ID | sAMAccountName |
| First Name | givenName |
| Middle Name | middleName |
| Last Name | sn |
| Manager ID | manager |
| Department | department |
| Phone Number | ipPhone |
| Mail ID | mail |

Should have noticed it sooner that it was literally only these fields and nothing more.

Now my standard LDAP setup is essentially assigning a user an ipPhone extension in AD, the LDAP Directory Query to the root DCs and optionally to the OU, and LDAP Custom Filter of (ipPhone=7*) because of our 7XXX extensions.

DJ
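
Added example (not part of the original thread and not Cisco code): a small evaluator for the equality, presence and substring subset of LDAP filter syntax, run over constructed directory entries, showing which users a custom filter such as (ipPhone=7*) selects and which filter attributes fall outside the synchronized-fields table quoted in the post above. The function names, the sample users and the example.test domain used in the test are assumptions; value escapes and the >=, <=, ~= operators are out of scope.

```python
import re
# LDAP attributes from the "User Fields To Be Synchronized" table quoted above.
SYNCED = {"samaccountname", "givenname", "middlename", "sn",
          "manager", "department", "ipphone", "mail"}
USERS = [  # constructed sample entries, not real directory data
    {"samaccountname": ["asmith"], "ipphone": ["7101"], "department": ["OPS"]},
    {"samaccountname": ["bjones"], "ipphone": ["7250"], "department": ["EXEC"]},
    {"samaccountname": ["cwu"], "ipphone": ["5100"], "department": ["OPS"]},
    {"samaccountname": ["dlee"], "department": ["OPS"]},
]

def parse(f, i=0):
    """Parse one parenthesised filter at f[i]; return (node, index after it)."""
    if f[i] != "(": raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i] in "&|!":                       # composite: (&...), (|...), (!...)
        op, kids = f[i], []
        i += 1
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if op == "!" and len(kids) != 1: raise ValueError("'!' takes one filter")
        node = (op, kids)
    else:                                   # item: attr=value, '*' allowed in value
        end = f.index(")", i)               # raises ValueError if unterminated
        attr, sep, value = f[i:end].partition("=")
        if not sep or not re.fullmatch(r"[A-Za-z][A-Za-z0-9-]*", attr):
            raise ValueError(f"unsupported filter item {f[i:end]!r}")
        node, i = ("=", attr.lower(), value), end
    if f[i] != ")": raise ValueError(f"expected ')' at offset {i}")
    return node, i + 1

def attributes(node):                       # every attribute name the filter uses
    return {node[1]} if node[0] == "=" else set().union(*map(attributes, node[1]))

def matches(node, entry):
    if node[0] == "&": return all(matches(k, entry) for k in node[1])
    if node[0] == "|": return any(matches(k, entry) for k in node[1])
    if node[0] == "!": return not matches(node[1][0], entry)
    # '*' is the LDAP wildcard; a bare '*' is a presence test.
    rx = re.compile(".*".join(map(re.escape, node[2].split("*"))), re.I | re.S)
    return any(rx.fullmatch(v) for v in entry.get(node[1], []))

def check_filter(text, entries=USERS):
    """Return (attributes outside SYNCED, user IDs the filter selects)."""
    node, end = parse(text + "\0")          # sentinel: truncated input fails cleanly
    if end != len(text): raise ValueError("trailing characters after filter")
    selected = [e["samaccountname"][0] for e in entries if matches(node, e)]
    return sorted(attributes(node) - SYNCED), selected
```

Running a candidate filter through `check_filter` before pasting it into the LDAP Custom Filter field shows both who it would select and whether it references an attribute outside the table.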

Aaron,

Let me reach you off-line to discuss this further. Will bring in some folks from engineering to understand your needs.

Thanks,

Sunil
