I have tried this in the lab with a Windows 2003 domain and it worked perfectly; for some reason it just did not want to sync with the Windows 2000 domain.<br><br>Thanks.<br><br><br><div class="gmail_quote">2009/5/15 Dana Tong (AU) <span dir="ltr">&lt;<a href="mailto:Dana.Tong@didata.com.au">Dana.Tong@didata.com.au</a>&gt;</span><br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">I have LDAP directory and auth working in CUCM 7.0.2 using the global catalog port 3268 (instead of 389) because the customer has users in different containers.<br>
<br>
Try using an LDAP browser to isolate the problem. Hope this helps.<br>
<br>
Cheers<br>
Dana<br>
<div><div></div><div class="h5"><br>
-----Original Message-----<br>
From: <a href="mailto:cisco-voip-bounces@puck.nether.net">cisco-voip-bounces@puck.nether.net</a> [mailto:<a href="mailto:cisco-voip-bounces@puck.nether.net">cisco-voip-bounces@puck.nether.net</a>] On Behalf Of Ryan Ratliff<br>
Sent: Friday, May 15, 2009 5:45 AM<br>
To: <a href="mailto:svr.file@gmail.com">svr.file@gmail.com</a><br>
Cc: <a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a><br>
Subject: Re: [cisco-voip] LDAP & CUCM Integration<br>
<br>
Those are just the headers, you need to look at the data in the<br>
packet capture which means you need to set 'size all' and write to a<br>
file.<br>
<br>
I'd recommend opening a TAC SR at this point if you aren't<br>
comfortable analyzing the ldap traffic as the ldap account password<br>
will be sent in cleartext.<br>
<br>
-Ryan<br>
<br>
On May 14, 2009, at 1:55 PM, <a href="mailto:svr.file@gmail.com">svr.file@gmail.com</a> wrote:<br>
<br>
This is the output of the CUCM capture:<br>
<br>
admin:utils network capture port 389<br>
Executing command with options:<br>
 size=128                count=1000              interface=eth0<br>
 src=                    dest=                   port=389<br>
 ip=<br>
19:50:33.251722 IP cucm7pub.52678 > 10.101.1.9.ldap: S<br>
332011513:332011513(0) win 5840 <mss 1460,sackOK,timestamp 53692015<br>
0,nop,wscale 2><br>
19:50:33.258213 IP 10.101.1.9.ldap > cucm7pub.52678: S<br>
3972356909:3972356909(0) ack 332011514 win 64240 <mss 1460,nop,wscale<br>
0,nop,nop,timestamp 0 0,nop,nop,sackOK><br>
19:50:33.258299 IP cucm7pub.52678 > 10.101.1.9.ldap: . ack 1 win 1460<br>
<nop,nop,timestamp 53692018 0><br>
19:50:33.266567 IP cucm7pub.52678 > 10.101.1.9.ldap: P 1:15(14) ack 1<br>
win 1460 <nop,nop,timestamp 53692033 0><br>
19:50:33.267490 IP 10.101.1.9.ldap > cucm7pub.52678: P 1:23(22) ack<br>
15 win 64226 <nop,nop,timestamp 254075 53692033><br>
19:50:33.267613 IP cucm7pub.52678 > 10.101.1.9.ldap: . ack 23 win<br>
1460 <nop,nop,timestamp 53692035 254075><br>
19:50:33.269813 IP cucm7pub.52678 > 10.101.1.9.ldap: P 15:60(45) ack<br>
23 win 1460 <nop,nop,timestamp 53692036 254075><br>
19:50:33.291480 IP 10.101.1.9.ldap > cucm7pub.52678: P 23:45(22) ack<br>
60 win 64181 <nop,nop,timestamp 254076 53692036><br>
19:50:33.307339 IP cucm7pub.52678 > 10.101.1.9.ldap: P 60:183(123)<br>
ack 45 win 1460 <nop,nop,timestamp 53692074 254076><br>
19:50:33.310497 IP 10.101.1.9.ldap > cucm7pub.52678: P 45:819(774)<br>
ack 183 win 64058 <nop,nop,timestamp 254076 53692074><br>
19:50:33.329261 IP cucm7pub.52678 > 10.101.1.9.ldap: P 183:220(37)<br>
ack 819 win 1847 <nop,nop,timestamp 53692096 254076><br>
19:50:33.329805 IP cucm7pub.52678 > 10.101.1.9.ldap: FP 220:256(36)<br>
ack 819 win 1847 <nop,nop,timestamp 53692097 254076><br>
19:50:33.331074 IP 10.101.1.9.ldap > cucm7pub.52678: . ack 257 win<br>
63985 <nop,nop,timestamp 254076 53692096><br>
19:50:33.331084 IP 10.101.1.9.ldap > cucm7pub.52678: F 819:819(0) ack<br>
257 win 63985 <nop,nop,timestamp 254076 53692096><br>
19:50:33.331290 IP cucm7pub.52678 > 10.101.1.9.ldap: . ack 820 win<br>
1847 <nop,nop,timestamp 53692098 254076><br>
<br>
I have done a trace on the DirSync and found the following but not<br>
sure what it means: Missing LDAP attribute: Attribute Count=3 ?<br>
<br>
As far as I can see all the User Fields To Be Synchronized are<br>
correct, does this refer to something else?<br>
<br>
Thanks.<br>
<br>
<br>
2009/5/15 Wes Sisk <<a href="mailto:wsisk@cisco.com">wsisk@cisco.com</a>><br>
2 options:<br>
1. Take a packet capture of traffic between CM and your domain<br>
controller. Review the ldap traffic to see what is happening.<br>
'utils network capture' from CLI of CM.<br>
2. Use RTMT to collect Dirsync logs from CM. The checkbox in RTMT<br>
Trace and Log Central is called "Cisco DirSync".<br>
<br>
/Wes<br>
<br>
<br>
On Thursday, May 14, 2009 12:51:02 PM, <a href="mailto:svr.file@gmail.com">svr.file@gmail.com</a><br>
<<a href="mailto:svr.file@gmail.com">svr.file@gmail.com</a>> wrote:<br>
> I have just tested it with the domain administrator,<br>
> <a href="mailto:administrator@domain.com">administrator@domain.com</a> as the username but still didn't import<br>
> the user accounts.<br>
><br>
><br>
><br>
> 2009/5/15 Keith Klevenski <<a href="mailto:KKlevenski@cstcorp.net">KKlevenski@cstcorp.net</a>><br>
> Make sure the AD account you created has the appropriate rights to<br>
> the directory. I would test with an admin account first that way<br>
> you know it isn't a rights problem.<br>
><br>
><br>
><br>
> Keith Klevenski<br>
><br>
> Senior Network Architect<br>
><br>
> CST CORP<br>
><br>
> 12210 Bedford St.<br>
><br>
> Houston, TX 77031<br>
><br>
> 832-613-0660 (Office - Direct)<br>
><br>
> 713-263-1333 (Office - Fax)<br>
><br>
> 713-677-3925 (Cell)<br>
><br>
> <a href="http://www.cstcorp.net/" target="_blank">http://www.cstcorp.net/</a><br>
><br>
><br>
> From: <a href="mailto:cisco-voip-bounces@puck.nether.net">cisco-voip-bounces@puck.nether.net</a> [mailto:<a href="mailto:cisco-voip-bounces@puck.nether.net">cisco-voip-bounces@puck.nether.net</a>] On Behalf Of <a href="mailto:svr.file@gmail.com">svr.file@gmail.com</a><br>
> Sent: Thursday, May 14, 2009 10:39 AM<br>
> To: <a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a><br>
> Subject: [cisco-voip] LDAP & CUCM Integration<br>
><br>
><br>
> I'm having some issues getting a Windows 2000 Server, SP4, LDAP<br>
> server to integrate with CUCM7.<br>
><br>
> I have created a dedicated user account in AD for the integration,<br>
> enabled LDAP System server type MS AD with the User ID<br>
> sAMAccountName. I have configured LDAP Directory with the user<br>
> account that I created in AD and the LDAP User Search Base with the<br>
> following format: OU=<the OU that the end user accounts are<br>
> in>,DC=testlab,DC=local.<br>
><br>
> The problem is that no users are imported when I perform<br>
> the full sync.<br>
><br>
> Can anyone help with this problem?<br>
><br>
> Thanks.<br>
><br>
><br>
> _______________________________________________ cisco-voip mailing<br>
> list<br>
> <a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a><br>
> <a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><br>
<br>
<br>
</div></div>
</blockquote></div><br>