[cisco-voip] LDAP & CUCM Integration

Dana Tong (AU) Dana.Tong at didata.com.au
Thu May 14 20:05:41 EDT 2009


I have LDAP directory and auth working in CUCM 7.0.2 using the global catalog port 3268 (instead of 389) because the customer has users in different containers.

Try using an LDAP browser to isolate the problem. Hope this helps.

Cheers
Dana

-----Original Message-----
From: cisco-voip-bounces at puck.nether.net [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Ryan Ratliff
Sent: Friday, May 15, 2009 5:45 AM
To: svr.file at gmail.com
Cc: cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] LDAP & CUCM Integration

Those are just the headers; you need to look at the data in the
packet capture, which means you need to set 'size all' and write to a
file.

I'd recommend opening a TAC SR at this point if you aren't
comfortable analyzing the LDAP traffic, as the LDAP account password
will be sent in cleartext.

-Ryan

On May 14, 2009, at 1:55 PM, svr.file at gmail.com wrote:

This is the output of the CUCM capture:

admin:utils network capture port 389
Executing command with options:
  size=128                count=1000              interface=eth0
  src=                    dest=                   port=389
  ip=
19:50:33.251722 IP cucm7pub.52678 > 10.101.1.9.ldap: S 332011513:332011513(0) win 5840 <mss 1460,sackOK,timestamp 53692015 0,nop,wscale 2>
19:50:33.258213 IP 10.101.1.9.ldap > cucm7pub.52678: S 3972356909:3972356909(0) ack 332011514 win 64240 <mss 1460,nop,wscale 0,nop,nop,timestamp 0 0,nop,nop,sackOK>
19:50:33.258299 IP cucm7pub.52678 > 10.101.1.9.ldap: . ack 1 win 1460 <nop,nop,timestamp 53692018 0>
19:50:33.266567 IP cucm7pub.52678 > 10.101.1.9.ldap: P 1:15(14) ack 1 win 1460 <nop,nop,timestamp 53692033 0>
19:50:33.267490 IP 10.101.1.9.ldap > cucm7pub.52678: P 1:23(22) ack 15 win 64226 <nop,nop,timestamp 254075 53692033>
19:50:33.267613 IP cucm7pub.52678 > 10.101.1.9.ldap: . ack 23 win 1460 <nop,nop,timestamp 53692035 254075>
19:50:33.269813 IP cucm7pub.52678 > 10.101.1.9.ldap: P 15:60(45) ack 23 win 1460 <nop,nop,timestamp 53692036 254075>
19:50:33.291480 IP 10.101.1.9.ldap > cucm7pub.52678: P 23:45(22) ack 60 win 64181 <nop,nop,timestamp 254076 53692036>
19:50:33.307339 IP cucm7pub.52678 > 10.101.1.9.ldap: P 60:183(123) ack 45 win 1460 <nop,nop,timestamp 53692074 254076>
19:50:33.310497 IP 10.101.1.9.ldap > cucm7pub.52678: P 45:819(774) ack 183 win 64058 <nop,nop,timestamp 254076 53692074>
19:50:33.329261 IP cucm7pub.52678 > 10.101.1.9.ldap: P 183:220(37) ack 819 win 1847 <nop,nop,timestamp 53692096 254076>
19:50:33.329805 IP cucm7pub.52678 > 10.101.1.9.ldap: FP 220:256(36) ack 819 win 1847 <nop,nop,timestamp 53692097 254076>
19:50:33.331074 IP 10.101.1.9.ldap > cucm7pub.52678: . ack 257 win 63985 <nop,nop,timestamp 254076 53692096>
19:50:33.331084 IP 10.101.1.9.ldap > cucm7pub.52678: F 819:819(0) ack 257 win 63985 <nop,nop,timestamp 254076 53692096>
19:50:33.331290 IP cucm7pub.52678 > 10.101.1.9.ldap: . ack 820 win 1847 <nop,nop,timestamp 53692098 254076>

I have done a trace on the DirSync and found the following, but I am
not sure what it means: Missing LDAP attribute: Attribute Count=3?

As far as I can see, all the User Fields To Be Synchronized are
correct. Does this refer to something else?

Thanks.


2009/5/15 Wes Sisk <wsisk at cisco.com>
2 options:
1. Take a packet capture of traffic between CM and your domain
controller.  Review the LDAP traffic to see what is happening.
'utils network capture' from CLI of CM.
2. Use RTMT to collect DirSync logs from CM.  The checkbox in RTMT
Trace and Log Central is called "Cisco DirSync".

/Wes


On Thursday, May 14, 2009 12:51:02 PM, svr.file at gmail.com
<svr.file at gmail.com> wrote:
> I have just tested it with the domain administrator,
> administrator at domain.com, as the username, but it still didn't
> import the user accounts.
>
>
>
> 2009/5/15 Keith Klevenski <KKlevenski at cstcorp.net>
> Make sure the AD account you created has the appropriate rights to
> the directory.  I would test with an admin account first; that way
> you know it isn't a rights problem.
>
>
>
> Keith Klevenski
>
> Senior Network Architect
>
> CST CORP
>
> 12210 Bedford St.
>
> Houston, TX 77031
>
> 832-613-0660 (Office - Direct)
>
> 713-263-1333 (Office - Fax)
>
> 713-677-3925 (Cell)
>
> http://www.cstcorp.net/
>
>
> From: cisco-voip-bounces at puck.nether.net [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of svr.file at gmail.com
> Sent: Thursday, May 14, 2009 10:39 AM
> To: cisco-voip at puck.nether.net
> Subject: [cisco-voip] LDAP & CUCM Integration
>
>
> I'm having some issues getting a Windows 2000 Server, SP4, LDAP
> server to integrate with CUCM7.
>
> I have created a dedicated user account in AD for the integration,
> enabled LDAP System server type MS AD with the User ID
> sAMAccountName. I have configured LDAP Directory with the user
> account that I created in AD and the LDAP User Search Base with the
> following format: OU=<the OU that the end user accounts are
> in>,DC=testlab,DC=local.
>
> The problem is that no users are imported when I perform the full
> sync.
>
> Can anyone help with this problem?
>
> Thanks.
>
>
> _______________________________________________ cisco-voip mailing
> list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip


_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
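
Added example (not part of the original thread, and not code from Cisco or any of the posters): since a full-payload capture on port 389 carries the LDAP account password in cleartext, the capture should be scrubbed before it is attached to a TAC SR or shared. This Python code finds an LDAP simple BindRequest (RFC 4511) in one TCP payload and masks the password bytes. It assumes the request starts at offset 0 of the payload and fits in a single segment; the DN and password below are constructed sample values.

```python
def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the BER element at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:  # long form: low 7 bits give the number of length bytes
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, pos, pos + length

def find_simple_bind(payload):
    """Return (bind_dn, pw_start, pw_end) for a simple BindRequest, else None."""
    try:
        tag, pos, _ = read_tlv(payload, 0)           # LDAPMessage SEQUENCE
        if tag != 0x30:
            return None
        _, _, pos = read_tlv(payload, pos)           # messageID
        tag, pos, _ = read_tlv(payload, pos)         # protocolOp
        if tag != 0x60:                              # [APPLICATION 0] BindRequest
            return None
        _, _, pos = read_tlv(payload, pos)           # version
        _, dn_start, pos = read_tlv(payload, pos)    # name (bind DN)
        tag, pw_start, pw_end = read_tlv(payload, pos)
    except (IndexError, ValueError):
        return None
    if tag != 0x80:                                  # [0] simple; SASL is 0xA3
        return None
    return payload[dn_start:pos].decode("utf-8", "replace"), pw_start, pw_end

def redact(payload):
    """Overwrite the simple-bind password with '*' so the bytes can be shared."""
    hit = find_simple_bind(payload)
    if hit is None:
        return payload
    _, start, end = hit
    return payload[:start] + b"*" * (end - start) + payload[end:]

def tlv(tag, value):
    return bytes([tag, len(value)]) + value  # short-form length only (sample builder)

# Constructed sample: hypothetical service account and password.
DN, PW = b"CN=ldapsync,DC=testlab,DC=local", b"Example-Pw1"
SAMPLE = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x60, tlv(0x02, b"\x03") + tlv(0x04, DN) + tlv(0x80, PW)))
if __name__ == "__main__":
    print(find_simple_bind(SAMPLE)[0], redact(SAMPLE))
```

Masking keeps the payload length unchanged, so the BER lengths and the TCP sequence numbers in the capture remain consistent.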
