[cisco-voip] Cisco IP Phone Address Book Synchronizer

Mike Newell mnewell at spottydogs.org
Wed Mar 9 08:56:55 EST 2005


Actually we had pretty good hopes for this and I spent a lot of time
tracking down why it wasn't working.  Part of that involved doing sniffer
traces and what I found engendered, uh, concern amongst our Security
group.

Apparently the application takes your username/pin, hashes the password,
and fires it off as an HTTP URL to the CallManager.  The target APS
returns an XML response that contains credentials that can then be used to
log into the directory as the directory manager.  The application then
does so to do its synchronizing dance.

The thing is the HTTP thing is easily forged, and as a result a hacker can
easily get credentials that permit him/her/it directory manager access to
your LDAP directory.  Ugh!  That, and the fact that the application
doesn't synchronize directly with Outlook, killed the project on our
systems.  And led to a small modification in the host access policy for
our CallManagers...

Hopefully the Personal Assistant application is a little more
sophisticated.

Thanks,

Mike

On Tue, 8 Mar 2005, Jack Lyons wrote:

jack.l> How often do you need this to sync, then you can export your contacts to a
jack.l> csv file and then import them into Windows Address Book and then
jack.l> synchronize.  It requires a few steps, but for the occasional synch it works
jack.l> great.
jack.l>
jack.l> This is also good, because you edit the intermediate file to append any
jack.l> numbers to get an outside number or append your account codes.
jack.l>
jack.l> Jack
jack.l>
jack.l> -----Original Message-----
jack.l> From: Mike Newell [mailto:mnewell at spottydogs.org]
jack.l> Sent: Tuesday, March 08, 2005 1:11 PM
jack.l> To: Gary Fletcher
jack.l> Cc: cisco-voip at puck.nether.net
jack.l> Subject: Re: [cisco-voip] Cisco IP Phone Address Book Synchronizer
jack.l>
jack.l> If you created your CCM with a non-fully-qualified-domain-name (NFQDN),
jack.l> then you'll have this problem because the application attaches to the
jack.l> system to acquire LDAP information; the LDAP server that gets returned is
jack.l> the domain name you set up on the server.  If you named your server
jack.l> "PUBLISHER" then you get back "ldap://publisher:8404" (or something
jack.l> similar).  If "publisher" is in say domain "voip.my.com" and your
jack.l> workstation default domain is "my.com" then  the URL can't be expanded to
jack.l> get the appropriate IP address.  At least that was my problem...
jack.l>
jack.l> To test add your publisher's domain suffix to the domain search list on
jack.l> the test workstation and see if that helps.
jack.l>
jack.l> BTW PAB does NOT sync to Outlook.  It synchronizes with the Windows
jack.l> Address Book, which is not what Outlook uses.  We went down this path with
jack.l> the TAC and eventually found that it doesn't do what we want; you have to
jack.l> get the Personal Assistant (around $15K) to synchronize with Outlook.
jack.l> Fortunately we need PA anyway...
jack.l>
jack.l> Thanks,
jack.l>
jack.l> Mike
jack.l>
jack.l> On Tue, 8 Mar 2005, Gary Fletcher wrote:
jack.l>
jack.l> itwasn> I am running CallManager Release 3.3(4) and just installed PAB sync on a Win XP pc to sync my
jack.l> itwasn> Outlook 2003 contacts with a 7960 ip phone. I am getting a TABsync error "unable to
jack.l> itwasn> logon to "userid" using the configured password".
jack.l> itwasn>
jack.l> itwasn> I am able to use the same logon credentials and ip address to logon to CCMUser and add the
jack.l> itwasn> phone services for my account. I disabled the firewall on the pc. I reset the password
jack.l> itwasn> from the DC Directory Administrator and CallManager Admin global directory.
jack.l> itwasn>
jack.l> itwasn> Has anyone seen this problem before? There is no PA system involved.