<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
IPCC is going to authenticate via CTI. You will want to check the IMS
(identity management session) trace lines inside of the CTI SDI traces
(checkbox in RTMT)<br>
<br>
CCMUser authentication goes through Tomcat. Tomcat has its own hooks
to IMS. Tomcat logs for IMS:<br>
admin:file list activelog tomcat/logs/security/log4j/*<br>
security.bin security00001.log<br>
security00002.log security00003.log<br>
security00004.log security00005.log<br>
security00006.log security00007.log<br>
security00008.log security00009.log<br>
security00010.log <br>
dir count = 0, file count = 11<br>
<br>
IMS is primarily the informix database. It tracks authentication and
attempts. For LDAP sync IMS stores the md5hash of the password from AD
in the informix database. <br>
<br>
<br>
All that said we are seeing many authentication failures when informix
gets too busy. Informix may eventually return but not before
timeouts. Unfortunately there is no way to identify what is causing
informix to be too busy. This need is captured by<br>
Need an Informix profiler built into CLI , Open CSCsz67357<br>
<br>
which is also in the hot issues list.<br>
<br>
When people are encountering this issue the IMS cache usually offers
some reprieve. You can enable IMS cache with the enterprise parameter
"Enable Caching". With this the user must authenticate successfully
once and then the successful attributes will be cached. In real
world terms that means you must experience a timeout at least once even
after enabling the cache. But so long as that auth request was
successful then subsequent logins will be expedient.<br>
<br>
HTH<br>
<br>
/Wes<br>
<br>
<br>
On Monday, June 15, 2009 3:06:15 PM, Carter, Bill
<a class="moz-txt-link-rfc2396E" href="mailto:bcarter@sentinel.com"><bcarter@sentinel.com></a> wrote:<br>
<blockquote
cite="mid:C0B4574561D1E04DBB500BA062BAF226EF4B1B@Mail1.sentinel.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html; ">
<meta name="Generator" content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
span.EmailStyle17
        {mso-style-type:personal-compose;
        font-family:"Calibri","sans-serif";
        color:windowtext;}
.MsoChpDefault
        {mso-style-type:export-only;}
@page Section1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
        {page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="Section1">
<p class="MsoNormal">I have a CM 6.13 cluster synched to AD. We are
also using AD
for Authentication. There is an IPCC Express Call Center connected to
the
cluster. <o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">We are getting reports that occasionally Call
Center users
can not login to CAD. When this happens, they immediately try to login
to the CCMuser
web page and this also fails. After a few minutes they are able to
login.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">This seems to happen in a cluster, were 2-4
users have the
same problem at the same time.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">On CM, what trace files can I use to look at
LDAP authentication?
I have debug traces on DirSync but I don’t know if this will also show
authentication problems.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">CM is configured with 2 servers for LDAP
authentication.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<pre wrap="">
<hr size="4" width="90%">
_______________________________________________
cisco-voip mailing list
<a class="moz-txt-link-abbreviated" href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a>
<a class="moz-txt-link-freetext" href="https://puck.nether.net/mailman/listinfo/cisco-voip">https://puck.nether.net/mailman/listinfo/cisco-voip</a>
</pre>
</blockquote>
<br>
</body>
</html>