[cisco-voip] Moving LDAP Integrated Users across domains

Pawlowski, Adam ajp26 at buffalo.edu
Wed May 23 17:05:37 EDT 2018


Ryan,

Thanks - I'm going to be trying this in my lab shortly so we'll see how it goes.

It seems that it looks up in UDS before authenticating via CUPS - I swear I've seen it try the JID first which fails, then it reverts to user ID. The client itself reflects this by sometimes returning the userID only in the box for login, sometimes the full JID. I don't know.

We'll see if it works or not - we're MRA only so it should be interesting.

Adam

From: Ryan Huff <ryanhuff at outlook.com>
Sent: Wednesday, May 23, 2018 4:51 PM
To: Pawlowski, Adam <ajp26 at buffalo.edu>; cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] Moving LDAP Integrated Users across domains

I believe it is a result of the query Expressway-C makes into CCM. Expressway-C queries CCM with the username the user attempted to authenticate with, and CCM is looking for that username in the UserID field of the End User account, as opposed to looking for the user at host alternate attribute being used as the flexible ID that is configured on the IM and Presence server (Ex. Mail ID).

In all fairness, it does work, sort of, after the initial client login is performed internally and the client cache is built (because the client will have cached the correct UserID for future MRA logins). However, from an initial, "clean client" perspective, I don't believe you'd be able to log in over MRA with the FJID, only the actual User ID.

Thanks,

== Ryan ==

________________________________
From: cisco-voip <cisco-voip-bounces at puck.nether.net> on behalf of Pawlowski, Adam <ajp26 at buffalo.edu>
Sent: Wednesday, May 23, 2018 4:24 PM
To: cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] Moving LDAP Integrated Users across domains

How does Flexible JID not work via MRA?

The domains would just need to be provisioned as separate service domains with the correct certificates and DNS records? That's a bit of a pain but it should still work?

Adam