I have tried this in the lab with a Windows 2003 domain and it worked perfectly, for some reason it just did not want to synch with the Windows 2000 domain?<br><br>Thanks.<br><br><br><div class="gmail_quote">2009/5/15 Dana Tong (AU) <span dir="ltr"><<a href="mailto:Dana.Tong@didata.com.au">Dana.Tong@didata.com.au</a>></span><br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">I have LDAP directory and auth working in CUCM 7.0.2 using the global catalog port 3268 (instead of 389) because the customer has users in different containers.<br>
<br>
Try using an LDAP browser to isolate the problem. Hope this helps.<br>
<br>
Cheers<br>
Dana<br>
<div><div></div><div class="h5"><br>
-----Original Message-----<br>
From: <a href="mailto:cisco-voip-bounces@puck.nether.net">cisco-voip-bounces@puck.nether.net</a> [mailto:<a href="mailto:cisco-voip-bounces@puck.nether.net">cisco-voip-bounces@puck.nether.net</a>] On Behalf Of Ryan Ratliff<br>
Sent: Friday, May 15, 2009 5:45 AM<br>
To: <a href="mailto:svr.file@gmail.com">svr.file@gmail.com</a><br>
Cc: <a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a><br>
Subject: Re: [cisco-voip] LDAP & CUCM Integration<br>
<br>
Those are just the headers, you need to look at the data in the<br>
packet capture which means you need to set 'size all' and write to a<br>
file.<br>
<br>
I'd recommend opening a TAC SR at this point if you aren't<br>
comfortable analyzing the ldap traffic as the ldap account password<br>
will be sent in cleartext.<br>
<br>
-Ryan<br>
<br>
On May 14, 2009, at 1:55 PM, <a href="mailto:svr.file@gmail.com">svr.file@gmail.com</a> wrote:<br>
<br>
This is the output of the CUCM capture:<br>
<br>
admin:utils network capture port 389<br>
Executing command with options:<br>
size=128 count=1000 interface=eth0<br>
src= dest= port=389<br>
ip=<br>
19:50:33.251722 IP cucm7pub.52678 > 10.101.1.9.ldap: S<br>
332011513:332011513(0) win 5840 <mss 1460,sackOK,timestamp 53692015<br>
0,nop,wscale 2><br>
19:50:33.258213 IP 10.101.1.9.ldap > cucm7pub.52678: S<br>
3972356909:3972356909(0) ack 332011514 win 64240 <mss 1460,nop,wscale<br>
0,nop,nop,timestamp 0 0,nop,nop,sackOK><br>
19:50:33.258299 IP cucm7pub.52678 > 10.101.1.9.ldap: . ack 1 win 1460<br>
<nop,nop,timestamp 53692018 0><br>
19:50:33.266567 IP cucm7pub.52678 > 10.101.1.9.ldap: P 1:15(14) ack 1<br>
win 1460 <nop,nop,timestamp 53692033 0><br>
19:50:33.267490 IP 10.101.1.9.ldap > cucm7pub.52678: P 1:23(22) ack<br>
15 win 64226 <nop,nop,timestamp 254075 53692033><br>
19:50:33.267613 IP cucm7pub.52678 > 10.101.1.9.ldap: . ack 23 win<br>
1460 <nop,nop,timestamp 53692035 254075><br>
19:50:33.269813 IP cucm7pub.52678 > 10.101.1.9.ldap: P 15:60(45) ack<br>
23 win 1460 <nop,nop,timestamp 53692036 254075><br>
19:50:33.291480 IP 10.101.1.9.ldap > cucm7pub.52678: P 23:45(22) ack<br>
60 win 64181 <nop,nop,timestamp 254076 53692036><br>
19:50:33.307339 IP cucm7pub.52678 > 10.101.1.9.ldap: P 60:183(123)<br>
ack 45 win 1460 <nop,nop,timestamp 53692074 254076><br>
19:50:33.310497 IP 10.101.1.9.ldap > cucm7pub.52678: P 45:819(774)<br>
ack 183 win 64058 <nop,nop,timestamp 254076 53692074><br>
19:50:33.329261 IP cucm7pub.52678 > 10.101.1.9.ldap: P 183:220(37)<br>
ack 819 win 1847 <nop,nop,timestamp 53692096 254076><br>
19:50:33.329805 IP cucm7pub.52678 > 10.101.1.9.ldap: FP 220:256(36)<br>
ack 819 win 1847 <nop,nop,timestamp 53692097 254076><br>
19:50:33.331074 IP 10.101.1.9.ldap > cucm7pub.52678: . ack 257 win<br>
63985 <nop,nop,timestamp 254076 53692096><br>
19:50:33.331084 IP 10.101.1.9.ldap > cucm7pub.52678: F 819:819(0) ack<br>
257 win 63985 <nop,nop,timestamp 254076 53692096><br>
19:50:33.331290 IP cucm7pub.52678 > 10.101.1.9.ldap: . ack 820 win<br>
1847 <nop,nop,timestamp 53692098 254076><br>
<br>
I have a done a trace on the DirSync and sounds the follow but not<br>
sure what it means: Missing LDAP attribute: Attribute Count=3 ?<br>
<br>
As far as I can see all the User Fields To Be Synchronized are<br>
correct, does this refer to something else?<br>
<br>
Thanks.<br>
<br>
<br>
2009/5/15 Wes Sisk <<a href="mailto:wsisk@cisco.com">wsisk@cisco.com</a>><br>
2 options:<br>
1. Take a packet capture of traffic between CM and your domain<br>
controller. Review the ldap traffic to see what is happening.<br>
'utils network capture' from CLI of CM.<br>
2. use RTMT to collect Dirsync logs from CM. The checkbox in RTMT<br>
Trace and Log Central is called "Cisco DirSync".<br>
<br>
/Wes<br>
<br>
<br>
On Thursday, May 14, 2009 12:51:02 PM, <a href="mailto:svr.file@gmail.com">svr.file@gmail.com</a><br>
<<a href="mailto:svr.file@gmail.com">svr.file@gmail.com</a>> wrote:<br>
> I have just tested it with the domain administrator,<br>
> <a href="mailto:administrator@domain.com">administrator@domain.com</a> as the username but still didn't import<br>
> the user accounts.<br>
><br>
><br>
><br>
> 2009/5/15 Keith Klevenski <<a href="mailto:KKlevenski@cstcorp.net">KKlevenski@cstcorp.net</a>><br>
> Make sure the AD account you created has the appropriate rights to<br>
> the directory. I would test with an admin account first that way<br>
> you know it isn't a rights problem.<br>
><br>
><br>
><br>
> Keith Klevenski<br>
><br>
> Senior Network Architect<br>
><br>
> CST CORP<br>
><br>
> 12210 Bedford St.<br>
><br>
> Houston, TX 77031<br>
><br>
> 832-613-0660 (Office - Direct)<br>
><br>
> 713-263-1333 (Office - Fax)<br>
><br>
> 713-677-3925 (Cell)<br>
><br>
> <a href="http://www.cstcorp.net/" target="_blank">http://www.cstcorp.net/</a><br>
><br>
><br>
> From: <a href="mailto:cisco-voip-bounces@puck.nether.net">cisco-voip-bounces@puck.nether.net</a> [mailto:<a href="mailto:cisco-voip-">cisco-voip-</a><br>
> <a href="mailto:bounces@puck.nether.net">bounces@puck.nether.net</a>] On Behalf Of <a href="mailto:svr.file@gmail.com">svr.file@gmail.com</a><br>
> Sent: Thursday, May 14, 2009 10:39 AM<br>
> To: <a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a><br>
> Subject: [cisco-voip] LDAP & CUCM Integration<br>
><br>
><br>
> I'm having some issues getting a Windows 2000 Server, SP4, LDAP<br>
> server to integrate with CUCM7.<br>
><br>
> I have created a dedicated user account in AD for the integration,<br>
> enabled LDAP System server type MS AD with the User ID<br>
> sAMAccountName. I have configure LDAP Directory with the user<br>
> account that I created in AD and the LDAP User Search Base with the<br>
> following format: OU=<the OU that the end user accounts are<br>
> in>,DC=testlab,DC=local.<br>
><br>
> The problem is that no users are imported when I run the perform<br>
> the full sycn?<br>
><br>
> Can anyone help with this problem.<br>
><br>
> Thanks.<br>
><br>
><br>
> _______________________________________________ cisco-voip mailing<br>
> list<br>
> <a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a><br>
> <a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><br>
<br>
<br>
_______________________________________________<br>
cisco-voip mailing list<br>
<a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a><br>
<a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><br>
<br>
</div></div>_______________________________________________<br>
<div class="im">cisco-voip mailing list<br>
<a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a><br>
<a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><br>
<br>
</div>******************************************************************************<br>
- NOTICE FROM DIMENSION DATA AUSTRALIA<br>
This message is confidential, and may contain proprietary or legally privileged information. If you have received this email in error, please notify the sender and delete it immediately.<br>
<br>
Internet communications are not secure. You should scan this message and any attachments for viruses. Under no circumstances do we accept liability for any loss or damage which may result from your receipt of this message or any attachments.<br>
******************************************************************************<br>
<br>
</blockquote></div><br>