[cisco-voip] LDAP & CUCM Integration

Ryan Ratliff rratliff at cisco.com
Thu May 14 15:44:43 EDT 2009


Those are just the headers; you need to look at the data in the
packet capture, which means you need to set 'size all' and write to a
file.

I'd recommend opening a TAC SR at this point if you aren't  
comfortable analyzing the ldap traffic as the ldap account password  
will be sent in cleartext.

-Ryan

On May 14, 2009, at 1:55 PM, svr.file at gmail.com wrote:

This is the output of the CUCM capture:

admin:utils network capture port 389
Executing command with options:
  size=128                count=1000              interface=eth0
  src=                    dest=                   port=389
  ip=
19:50:33.251722 IP cucm7pub.52678 > 10.101.1.9.ldap: S  
332011513:332011513(0) win 5840 <mss 1460,sackOK,timestamp 53692015  
0,nop,wscale 2>
19:50:33.258213 IP 10.101.1.9.ldap > cucm7pub.52678: S  
3972356909:3972356909(0) ack 332011514 win 64240 <mss 1460,nop,wscale  
0,nop,nop,timestamp 0 0,nop,nop,sackOK>
19:50:33.258299 IP cucm7pub.52678 > 10.101.1.9.ldap: . ack 1 win 1460  
<nop,nop,timestamp 53692018 0>
19:50:33.266567 IP cucm7pub.52678 > 10.101.1.9.ldap: P 1:15(14) ack 1  
win 1460 <nop,nop,timestamp 53692033 0>
19:50:33.267490 IP 10.101.1.9.ldap > cucm7pub.52678: P 1:23(22) ack  
15 win 64226 <nop,nop,timestamp 254075 53692033>
19:50:33.267613 IP cucm7pub.52678 > 10.101.1.9.ldap: . ack 23 win  
1460 <nop,nop,timestamp 53692035 254075>
19:50:33.269813 IP cucm7pub.52678 > 10.101.1.9.ldap: P 15:60(45) ack  
23 win 1460 <nop,nop,timestamp 53692036 254075>
19:50:33.291480 IP 10.101.1.9.ldap > cucm7pub.52678: P 23:45(22) ack  
60 win 64181 <nop,nop,timestamp 254076 53692036>
19:50:33.307339 IP cucm7pub.52678 > 10.101.1.9.ldap: P 60:183(123)  
ack 45 win 1460 <nop,nop,timestamp 53692074 254076>
19:50:33.310497 IP 10.101.1.9.ldap > cucm7pub.52678: P 45:819(774)  
ack 183 win 64058 <nop,nop,timestamp 254076 53692074>
19:50:33.329261 IP cucm7pub.52678 > 10.101.1.9.ldap: P 183:220(37)  
ack 819 win 1847 <nop,nop,timestamp 53692096 254076>
19:50:33.329805 IP cucm7pub.52678 > 10.101.1.9.ldap: FP 220:256(36)  
ack 819 win 1847 <nop,nop,timestamp 53692097 254076>
19:50:33.331074 IP 10.101.1.9.ldap > cucm7pub.52678: . ack 257 win  
63985 <nop,nop,timestamp 254076 53692096>
19:50:33.331084 IP 10.101.1.9.ldap > cucm7pub.52678: F 819:819(0) ack  
257 win 63985 <nop,nop,timestamp 254076 53692096>
19:50:33.331290 IP cucm7pub.52678 > 10.101.1.9.ldap: . ack 820 win  
1847 <nop,nop,timestamp 53692098 254076>

I have done a trace on the DirSync and found the following, but I am
not sure what it means: Missing LDAP attribute: Attribute Count=3 ?

As far as I can see all the User Fields To Be Synchronized are  
correct, does this refer to something else?

Thanks.


2009/5/15 Wes Sisk <wsisk at cisco.com>
2 options:
1. Take a packet capture of traffic between CM and your domain  
controller.  Review the ldap traffic to see what is happening.   
'utils network capture' from CLI of CM.
2. use RTMT to collect Dirsync logs from CM.  The checkbox in RTMT  
Trace and Log Central is called "Cisco DirSync".

/Wes


On Thursday, May 14, 2009 12:51:02 PM, svr.file at gmail.com  
<svr.file at gmail.com> wrote:
> I have just tested it with the domain administrator,  
> administrator at domain.com as the username but still didn't import  
> the user accounts.
>
>
>
> 2009/5/15 Keith Klevenski <KKlevenski at cstcorp.net>
> Make sure the AD account you created has the appropriate rights to  
> the directory.  I would test with an admin account first that way  
> you know it isn’t a rights problem.
>
>
>
> Keith Klevenski
>
> Senior Network Architect
>
> CST CORP
>
>
> From: cisco-voip-bounces at puck.nether.net [mailto:cisco-voip-bounces at puck.nether.net]
> On Behalf Of svr.file at gmail.com
> Sent: Thursday, May 14, 2009 10:39 AM
> To: cisco-voip at puck.nether.net
> Subject: [cisco-voip] LDAP & CUCM Integration
>
>
> I'm having some issues getting a Windows 2000 Server, SP4, LDAP  
> server to integrate with CUCM7.
>
> I have created a dedicated user account in AD for the integration,  
> enabled LDAP System server type MS AD with the User ID  
> sAMAccountName. I have configured LDAP Directory with the user
> account that I created in AD and the LDAP User Search Base with the  
> following format: OU=<the OU that the end user accounts are  
> in>,DC=testlab,DC=local.
>
> The problem is that no users are imported when I perform the
> full sync.
>
> Can anyone help with this problem?
>
> Thanks.
>
>
> _______________________________________________ cisco-voip mailing  
> list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
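
The warning at the top of this message is that a full-size capture of port 389 contains the LDAP account password in cleartext. The following is an added example, not code from the thread or from Cisco: it decodes an LDAP simple BindRequest from raw TCP payload bytes and blanks the password so the trace can be handed to someone else. The bind DN, the password and all function names are constructed for illustration.

```python
# Added example: BER-decode an LDAP BindRequest and redact the simple-bind password.

def tlv(tag, value):
    """Encode one BER element (short-form length only; enough for the sample)."""
    return bytes([tag, len(value)]) + value

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated element header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                       # long form: low 7 bits = count of length bytes
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    if pos + length > len(buf):            # what a header-only capture looks like
        raise ValueError("truncated element: capture size too small for the payload")
    return tag, pos, pos + length

def inspect_bind(payload):
    """Summarise an LDAP BindRequest and redact its password; None if not a bind."""
    tag, start, _ = read_tlv(payload, 0)             # LDAPMessage ::= SEQUENCE
    if tag != 0x30:
        return None
    tag, _, id_end = read_tlv(payload, start)        # messageID INTEGER
    if tag != 0x02:
        return None
    tag, op_start, _ = read_tlv(payload, id_end)     # protocolOp
    if tag != 0x60:                                  # [APPLICATION 0] = BindRequest
        return None
    _, _, ver_end = read_tlv(payload, op_start)      # version INTEGER
    _, dn_start, dn_end = read_tlv(payload, ver_end)         # name (bind DN)
    auth_tag, pw_start, pw_end = read_tlv(payload, dn_end)   # AuthenticationChoice
    simple = auth_tag == 0x80                        # [0] simple: password in the clear
    redacted = payload
    if simple:
        redacted = payload[:pw_start] + b"*" * (pw_end - pw_start) + payload[pw_end:]
    return {"dn": payload[dn_start:dn_end].decode("utf-8", "replace"),
            "auth": "simple" if simple else "other",
            "password_len": pw_end - pw_start if simple else 0,
            "redacted": redacted}

# Constructed sample: the DN and password are made up, not values from the thread.
SAMPLE_PW = b"Constructed-Pw1"
SAMPLE = tlv(0x30, tlv(0x02, b"\x02") + tlv(0x60, tlv(0x02, b"\x03")
             + tlv(0x04, b"CN=cucm-sync,DC=testlab,DC=local") + tlv(0x80, SAMPLE_PW)))
```

The redacted bytes keep their original length, so TCP sequence numbers and BER lengths in the trace still line up after the password is overwritten.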

