[cisco-voip] LDAP & CUCM Integration

svr.file at gmail.com
Fri May 15 04:01:08 EDT 2009


I have tried this in the lab with a Windows 2003 domain and it worked
perfectly; for some reason it just did not want to sync with the Windows
2000 domain.

Thanks.


2009/5/15 Dana Tong (AU) <Dana.Tong at didata.com.au>

> I have LDAP directory and auth working in CUCM 7.0.2 using the global
> catalog port 3268 (instead of 389) because the customer has users in
> different containers.
>
> Try using an LDAP browser to isolate the problem. Hope this helps.
>
> Cheers
> Dana
>
> -----Original Message-----
> From: cisco-voip-bounces at puck.nether.net [mailto:
> cisco-voip-bounces at puck.nether.net] On Behalf Of Ryan Ratliff
> Sent: Friday, May 15, 2009 5:45 AM
> To: svr.file at gmail.com
> Cc: cisco-voip at puck.nether.net
> Subject: Re: [cisco-voip] LDAP & CUCM Integration
>
> Those are just the headers; you need to look at the data in the
> packet capture, which means you need to set 'size all' and write to a
> file.
>
> I'd recommend opening a TAC SR at this point if you aren't
> comfortable analyzing the LDAP traffic, as the LDAP account password
> will be sent in cleartext.
>
> -Ryan
>
> On May 14, 2009, at 1:55 PM, svr.file at gmail.com wrote:
>
> This is the output of the CUCM capture:
>
> admin:utils network capture port 389
> Executing command with options:
>  size=128                count=1000              interface=eth0
>  src=                    dest=                   port=389
>  ip=
> 19:50:33.251722 IP cucm7pub.52678 > 10.101.1.9.ldap: S
> 332011513:332011513(0) win 5840 <mss 1460,sackOK,timestamp 53692015
> 0,nop,wscale 2>
> 19:50:33.258213 IP 10.101.1.9.ldap > cucm7pub.52678: S
> 3972356909:3972356909(0) ack 332011514 win 64240 <mss 1460,nop,wscale
> 0,nop,nop,timestamp 0 0,nop,nop,sackOK>
> 19:50:33.258299 IP cucm7pub.52678 > 10.101.1.9.ldap: . ack 1 win 1460
> <nop,nop,timestamp 53692018 0>
> 19:50:33.266567 IP cucm7pub.52678 > 10.101.1.9.ldap: P 1:15(14) ack 1
> win 1460 <nop,nop,timestamp 53692033 0>
> 19:50:33.267490 IP 10.101.1.9.ldap > cucm7pub.52678: P 1:23(22) ack
> 15 win 64226 <nop,nop,timestamp 254075 53692033>
> 19:50:33.267613 IP cucm7pub.52678 > 10.101.1.9.ldap: . ack 23 win
> 1460 <nop,nop,timestamp 53692035 254075>
> 19:50:33.269813 IP cucm7pub.52678 > 10.101.1.9.ldap: P 15:60(45) ack
> 23 win 1460 <nop,nop,timestamp 53692036 254075>
> 19:50:33.291480 IP 10.101.1.9.ldap > cucm7pub.52678: P 23:45(22) ack
> 60 win 64181 <nop,nop,timestamp 254076 53692036>
> 19:50:33.307339 IP cucm7pub.52678 > 10.101.1.9.ldap: P 60:183(123)
> ack 45 win 1460 <nop,nop,timestamp 53692074 254076>
> 19:50:33.310497 IP 10.101.1.9.ldap > cucm7pub.52678: P 45:819(774)
> ack 183 win 64058 <nop,nop,timestamp 254076 53692074>
> 19:50:33.329261 IP cucm7pub.52678 > 10.101.1.9.ldap: P 183:220(37)
> ack 819 win 1847 <nop,nop,timestamp 53692096 254076>
> 19:50:33.329805 IP cucm7pub.52678 > 10.101.1.9.ldap: FP 220:256(36)
> ack 819 win 1847 <nop,nop,timestamp 53692097 254076>
> 19:50:33.331074 IP 10.101.1.9.ldap > cucm7pub.52678: . ack 257 win
> 63985 <nop,nop,timestamp 254076 53692096>
> 19:50:33.331084 IP 10.101.1.9.ldap > cucm7pub.52678: F 819:819(0) ack
> 257 win 63985 <nop,nop,timestamp 254076 53692096>
> 19:50:33.331290 IP cucm7pub.52678 > 10.101.1.9.ldap: . ack 820 win
> 1847 <nop,nop,timestamp 53692098 254076>
>
> I have done a trace on the DirSync and found the following, but I am not
> sure what it means: Missing LDAP attribute: Attribute Count=3 ?
>
> As far as I can see all the User Fields To Be Synchronized are
> correct, does this refer to something else?
>
> Thanks.
>
>
> 2009/5/15 Wes Sisk <wsisk at cisco.com>
> 2 options:
> 1. Take a packet capture of traffic between CM and your domain
> controller.  Review the ldap traffic to see what is happening.
> 'utils network capture' from CLI of CM.
> 2. Use RTMT to collect Dirsync logs from CM.  The checkbox in RTMT
> Trace and Log Central is called "Cisco DirSync".
>
> /Wes
>
>
> On Thursday, May 14, 2009 12:51:02 PM, svr.file at gmail.com
> <svr.file at gmail.com> wrote:
> > I have just tested it with the domain administrator,
> > administrator at domain.com as the username but still didn't import
> > the user accounts.
> >
> >
> >
> > 2009/5/15 Keith Klevenski <KKlevenski at cstcorp.net>
> > Make sure the AD account you created has the appropriate rights to
> > the directory.  I would test with an admin account first that way
> > you know it isn't a rights problem.
> >
> >
> >
> > Keith Klevenski
> >
> > Senior Network Architect
> >
> > CST CORP
> >
> > 12210 Bedford St.
> >
> > Houston, TX 77031
> >
> > 832-613-0660 (Office - Direct)
> >
> > 713-263-1333 (Office - Fax)
> >
> > 713-677-3925 (Cell)
> >
> > http://www.cstcorp.net/
> >
> >
> > From: cisco-voip-bounces at puck.nether.net [mailto:cisco-voip-
> > bounces at puck.nether.net] On Behalf Of svr.file at gmail.com
> > Sent: Thursday, May 14, 2009 10:39 AM
> > To: cisco-voip at puck.nether.net
> > Subject: [cisco-voip] LDAP & CUCM Integration
> >
> >
> > I'm having some issues getting a Windows 2000 Server, SP4, LDAP
> > server to integrate with CUCM7.
> >
> > I have created a dedicated user account in AD for the integration,
> > enabled LDAP System server type MS AD with the User ID
> > sAMAccountName. I have configured LDAP Directory with the user
> > account that I created in AD and the LDAP User Search Base with the
> > following format: OU=<the OU that the end user accounts are
> > in>,DC=testlab,DC=local.
> >
> > The problem is that no users are imported when I perform the
> > full sync.
> >
> > Can anyone help with this problem?
> >
> > Thanks.
> >
> >
> > _______________________________________________ cisco-voip mailing
> > list
> > cisco-voip at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-voip
>
>
>
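The point raised in the thread, that a simple bind on port 389 puts the account password on the wire in cleartext, can be checked against the payloads of a full-size capture before the file is shared. The following is an added example, not part of the original thread or of any Cisco tool: a minimal BER reader that classifies LDAP BindRequests as laid out in RFC 4511 and reports only the bind DN and the length of the secret. The account DN, password and payload bytes are constructed samples.

```python
# Added example: classify LDAP BindRequests (RFC 4511 BER) found in TCP payloads.

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                       # long form: low 7 bits count the length octets
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    else:
        length = first
    if pos + length > len(buf):            # e.g. capture taken with a small snap length
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def classify_bind(payload):
    """Describe a BindRequest without exposing the secret; None if not a complete one."""
    try:
        tag, msg, _ = read_tlv(payload, 0)       # LDAPMessage SEQUENCE
        id_tag, _, p = read_tlv(msg, 0)          # messageID INTEGER
        op_tag, op, _ = read_tlv(msg, p)         # protocolOp
        if (tag, id_tag, op_tag) != (0x30, 0x02, 0x60):   # 0x60 = BindRequest
            return None
        _, _, p = read_tlv(op, 0)                # version
        _, dn, p = read_tlv(op, p)               # bind DN
        auth_tag, cred, _ = read_tlv(op, p)      # authentication CHOICE
    except ValueError:
        return None
    if auth_tag == 0x80:                         # [0] simple: password sent as-is
        method = "simple-cleartext" if cred else "anonymous-or-unauthenticated"
    else:
        method = "sasl" if auth_tag == 0xA3 else "unknown"   # [3] = SASL
    return {"dn": dn.decode("utf-8", "replace"), "method": method,
            "secret_len": len(cred) if auth_tag == 0x80 else 0}

def tlv(tag, value):
    """Encode one BER element (short-form length; enough for the samples below)."""
    return bytes([tag, len(value)]) + value

# Constructed sample payloads (not taken from the capture in the thread).
DN = b"CN=ldapsync,OU=Service,DC=testlab,DC=local"      # hypothetical sync account
def bind(auth): return tlv(0x30, b"\x02\x01\x01" + tlv(0x60, b"\x02\x01\x03" + tlv(0x04, DN) + auth))
SIMPLE = bind(tlv(0x80, b"Constructed-Pw1"))
SASL = bind(tlv(0xA3, tlv(0x04, b"GSS-SPNEGO") + tlv(0x04, b"\x00" * 8)))
ANON = bytes.fromhex("300c020101600702010304008000")    # empty DN, empty password
```

A result of `simple-cleartext` means the capture file itself holds the service account password and needs the same handling as any other credential store.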