[cisco-voip] rights needed for AD integration for ccm6

Justin Steinberg jsteinberg at gmail.com
Fri Jan 11 09:12:58 EST 2008 

you could try to change the dirsync port from 389 (ldap) to 3268
(global catalog).  I've never had any problems with using 389 for the
ldap directory part of dirsync, but I have had issues with CUPC
authentication that was fixed when I changed the ldap auth port from
389 to 3268.  I think I also had to restart dirsync service or may the
entire box for the change to take effect - can't remember.



On Jan 11, 2008 12:41 AM, Jonathan Charles <jonvoip at gmail.com> wrote:
> No...
>
> It is set to Microsoft Active Directory (Netscape is the only other option....)
>
>
>
> Jonathan
>
>
> On Jan 10, 2008 10:35 PM, Justin Steinberg <jsteinberg at gmail.com> wrote:
> > jonathan,
> >
> > I am not familiar with the dirsync trace files, but they mention
> > 'sun'.  is it possible that you accidentally chose one of the sun
> > directory integrations instead of AD?
> >
> >
> >
> >
> > On Jan 10, 2008 10:30 PM, Jonathan Charles <jonvoip at gmail.com> wrote:
> > > OK, I get good resolution on domaindnszones.planetcrazy.net and
> > > planetcrazy.net but nothing back on forestdnszones.planetcrazy.net
> > >
> > >
> > > Jonathan
> > >
> > >
> > > On Jan 10, 2008 8:38 AM, Ryan Ratliff <rratliff at cisco.com> wrote:
> > > > Yes it does.
> > > >
> > > > Just guessing though it looks as if you've got referral issues, just
> > > > going from some of the errors.   Is this Win2k3 AD?  If so do an
> > > > nslookup for 'planetcrazy.net', 'forestdnszones.planetcrazy.net', and
> > > > 'domaindnszones.planetcrazy.net' and see if there are any bogus
> > > > entries in any of them.
> > > >
> > > > > MESSAGE [LDAP: error code 10 - 0000202B: RefErr: DSID-031005E2, data
> > > > > 0, 1 access points
> > > > >         ref 1: 'planetcrazy.net'
> > > > >
> > > >
> > > >
> > > > -Ryan
> > > >
> > > >
> > > > On Jan 10, 2008, at 9:38 AM, Jonathan Charles wrote:
> > > >
> > > > Not that easy an option... wait...
> > > >
> > > > Doesn't CCM have a built in sniffer?
> > > >
> > > >
> > > >
> > > > Jonathan
> > > >
> > > > On Jan 10, 2008 8:09 AM, Ryan Ratliff <rratliff at cisco.com> wrote:
> > > > > Go for a sniffer capture.  It's the easiest way to see what's going
> > > > > on.
> > > > >
> > > > > -Ryan
> > > > >
> > > > >
> > > > > On Jan 9, 2008, at 7:31 PM, Jonathan Charles wrote:
> > > > >
> > > > > The sync is not working tho...
> > > > >
> > > > > I am getting these errors in the DirSync trace...
> > > > >
> > > > > 2008-01-09 14:11:42,451 ERROR
> > > > > [DSLDAPSyncImpl(4ddb60b4-dadb-42d8-c587-7d08dd0a0a8f)]
> > > > > ldapplugable.DSLDAPSyncImpl (DSLDAPSyncImpl.java:832) -
> > > > > LDAPSync(4ddb60b4-dadb-42d8-c587-7d08dd0a0a8f)[LDAPFullSync] Caught
> > > > > NamingException
> > > > > 2008-01-09 14:11:42,452 ERROR
> > > > > [DSLDAPSyncImpl(4ddb60b4-dadb-42d8-c587-7d08dd0a0a8f)]
> > > > > ldapplugable.DSLDAPSyncImpl (DSLDAPSyncImpl.java:833) -
> > > > > LDAPSync(4ddb60b4-dadb-42d8-c587-7d08dd0a0a8f)[LDAPFullSync]
> > > > > com.sun.jndi.ldap.LdapReferralException: [LDAP: error code 10 -
> > > > > 0000202B: RefErr: DSID-031005E2, data 0, 1 access points
> > > > >         ref 1: 'planetcrazy.net'
> > > > >
> > > > >
> > > > > MESSAGE [LDAP: error code 10 - 0000202B: RefErr: DSID-031005E2, data
> > > > > 0, 1 access points
> > > > >         ref 1: 'planetcrazy.net'
> > > > >
> > > > > com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2824)
> > > > > com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2737)
> > > > > com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1808)
> > > > > com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1731)
> > > > > com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search
> > > > > (ComponentDirContext.java:368)
> > > > > com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search
> > > > > (PartialCompositeDirContext.java:338)
> > > > > com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search
> > > > > (PartialCompositeDirContext.java:321)
> > > > > javax.naming.directory.InitialDirContext.search
> > > > > (InitialDirContext.java:248)
> > > > > com.cisco.ccm.dir.dirsync.ldapplugable.DSLDAPSyncImpl.searchInternalEx
> > > > > ac
> > > > > t(DSLDAPSyncImpl.java:1193)
> > > > > com.cisco.ccm.dir.dirsync.ldapplugable.DSLDAPSyncImpl.LDAPFullSync
> > > > > (DSLDAPSyncImpl.java:823)
> > > > > com.cisco.ccm.dir.dirsync.ldapplugable.DSLDAPSyncImpl.run
> > > > > (DSLDAPSyncImpl.java:296)
> > > > >
> > > > > 2008-01-09 14:11:42,452 ERROR
> > > > > [DSLDAPSyncImpl(4ddb60b4-dadb-42d8-c587-7d08dd0a0a8f)]
> > > > > ldapplugable.DSLDAPSyncImpl (DSLDAPSyncImpl.java:325) -
> > > > > LDAPSync(4ddb60b4-dadb-42d8-c587-7d08dd0a0a8f)[Run]
> > > > > com.cisco.ccm.dir.dirsync.common.DSException
> > > > > MESSAGE null
> > > > > com.cisco.ccm.dir.dirsync.ldapplugable.DSLDAPSyncImpl.LDAPFullSync
> > > > > (DSLDAPSyncImpl.java:841)
> > > > > com.cisco.ccm.dir.dirsync.ldapplugable.DSLDAPSyncImpl.run
> > > > > (DSLDAPSyncImpl.java:296)
> > > > >
> > > > >
> > > > > I have no idea what they mean....
> > > > >
> > > > > And no users are being brought over...
> > > > >
> > > > >
> > > > > Jonathan
> > > > >
> > > > > On Jan 9, 2008 3:34 PM, Craig Staffin <cmstaffin at gmail.com> wrote:
> > > > >> It just needs to be a member of Domain Users
> > > > >>
> > > > >> There are no special rights needed
> > > > >>
> > > > >> Craig
> > > > >>
> > > > >>
> > > > >> On Jan 9, 2008 2:50 PM, Jonathan Charles <jonvoip at gmail.com > wrote:
> > > > >>>
> > > > >>> So, what rights does the LDAP user need to AD for it to sync...?
> > > > >>>
> > > > >>>
> > > > >>>
> > > > >>> Jonathan
> > > > >>> _______________________________________________
> > > > >>> cisco-voip mailing list
> > > > >>> cisco-voip at puck.nether.net
> > > > >>> https://puck.nether.net/mailman/listinfo/cisco-voip
> > > > >>>
> > > > >>
> > > > >>
> > > > >>
> > > > >> --
> > > > >> Craig Staffin
> > > > >> Craig at staffin.org
> > > > >> (H) 262-437-7313
> > > > >> (C) 262-613-6003
> > > > > _______________________________________________
> > > > > cisco-voip mailing list
> > > > > cisco-voip at puck.nether.net
> > > > > https://puck.nether.net/mailman/listinfo/cisco-voip
> > > > >
> > > > >
> > > >
> > > >
> > > _______________________________________________
> > > cisco-voip mailing list
> > > cisco-voip at puck.nether.net
> > > https://puck.nether.net/mailman/listinfo/cisco-voip
> > >
> >
>

More information about the cisco-voip mailing list