Cisco CallManager 5.x and 6.x: Active Directory LDAP Authentication Fails with Distinguished Name

Document ID: 100390

Updated: Dec 16, 2007

Introduction

During an attempt to integrate an Active Directory (AD) Lightweight Directory Access Protocol (LDAP) connection in Cisco CallManager 5.x and 6.x, the LDAP authentication fails with the Login Failure to Host ldap://<Ip Address:port no>, Please Re-Enter LDAP Manager Distinguished Name and Password error message. This document provides information on how to troubleshoot this issue.

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

This document is not restricted to specific software and hardware versions.

The information in this document is based on these software and hardware versions:

  • Cisco CallManager 5.x and 6.x

  • Microsoft Active Directory

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

Refer to Cisco Technical Tips Conventions for more information on document conventions.

Background Information

Before you troubleshoot the issue, check this in the Cisco CallManager server:

  • Choose Cisco Unified OS administration > Services > Ping, and make sure you can ping your AD server.

  • Choose System > LDAP > LDAP System, and make sure that Enable Synchronizing from LDAP Server is checked and the value for LDAP Server Type is Microsoft Active Directory.

Problem

When you try to set up the Active Directory (AD) LDAP in Cisco CallManager server with the LDAP Directory option, LDAP authentication fails with the Login Failure to Host ldap://<Ip Address:port no>, Please Re-Enter LDAP Manager Distinguished Name and Password error message.

Solution

This issue occurs when you use the incorrect LDAP Manager Distinguished Name in the LDAP Directory configuration.

  • Make sure that the LDAP Manager Distinguished Name contains the complete canonical name. For example, cn=Administrator,ou=Static Domain Users,dc=static,dc=ciscoas,dc=ad. Refer to http://msdn2.microsoft.com/en-us/library/aa366101.aspx for more information and guidelines on how to configure the Distinguished Names.

  • For the LDAP Manager Distinguished Name, you need to enter the user ID, which can be up to 128 characters, of the LDAP Manager, who is an administrative user that has access rights to the LDAP directory. Refer to LDAP Synchronization for more information.
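
A pre-check for the value entered as LDAP Manager Distinguished Name, as an added example that is not part of the original Cisco document: it flags the common non-DN forms (bare account name, user principal name, DOMAIN\user) and incomplete DNs before a bind is attempted. The function names and the rule that a complete AD DN must contain dc= components are assumptions of this example.

```python
import re

MAX_LEN = 128  # field limit stated on the page
# One RDN as type=value; the value may hold backslash-escaped characters.
# Assumption: multi-valued (a+b), quoted and hex-encoded RDNs are out of scope.
_RDN = re.compile(r'^\s*([A-Za-z][A-Za-z0-9-]*)\s*=\s*((?:\\.|[^\\,+"<>;=])+)$')

def split_rdns(dn):
    """Split a DN on commas that are not backslash-escaped."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]          # keep the escape pair together
            i += 2
        elif dn[i] == ",":
            parts.append(cur)
            cur, i = "", i + 1
        else:
            cur, i = cur + dn[i], i + 1
    parts.append(cur)
    return parts

def check_manager_dn(value):
    """Return a list of problems; an empty list means the value looks like a full DN."""
    problems = []
    if len(value) > MAX_LEN:
        problems.append("longer than 128 characters")
    if "=" not in value:                # not a DN at all: say which form it resembles
        if "@" in value:
            problems.append("looks like a user principal name, not a DN")
        elif "\\" in value:
            problems.append("looks like DOMAIN\\user, not a DN")
        elif "/" in value:
            problems.append("looks like a slash-separated path, not a DN")
        else:
            problems.append("bare account name, not a DN")
        return problems
    rdns = split_rdns(value)
    bad = [r for r in rdns if not _RDN.match(r)]
    if bad:
        problems.append("malformed component(s): " + "; ".join(repr(b) for b in bad))
        return problems
    types = [_RDN.match(r).group(1).lower() for r in rdns]
    if "dc" not in types:
        problems.append("no dc= components: DN is not complete down to the domain")
    elif types[0] == "dc":
        problems.append("starts with dc=: names a domain, not a user object")
    return problems
```

An empty result only means the string is well-formed; the account must still exist at that location in the directory and the password must be correct for the bind to succeed.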
