During an attempt to integrate an Active Directory (AD) Lightweight Directory Access Protocol (LDAP) connection in Cisco CallManager 5.x and 6.x, LDAP authentication fails with the Login Failure to Host ldap://<Ip Address:port no>, Please Re-Enter LDAP Manager Distinguished Name and Password error message. This document provides information on how to troubleshoot this issue.
There are no specific requirements for this document.
This document is not restricted to specific software and hardware versions.
The information in this document is based on these software and hardware versions:
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Refer to Cisco Technical Tips Conventions for more information on document conventions.
Before you troubleshoot the issue, check this in the Cisco CallManager server:
Choose Cisco Unified OS administration > Services > Ping, and make sure you can ping your AD server.
Choose System > LDAP > LDAP System, and make sure that Enable Synchronizing from LDAP Server is checked and the value for LDAP Server Type is Microsoft Active Directory.
When you try to set up the Active Directory (AD) LDAP in Cisco CallManager server with the LDAP Directory option, LDAP authentication fails with the Login Failure to Host ldap://<Ip Address:port no>, Please Re-Enter LDAP Manager Distinguished Name and Password error message.
This issue occurs when you use the incorrect LDAP Manager Distinguished Name in the LDAP Directory configuration.
Make sure that the LDAP Manager Distinguished Name contains the complete canonical name. For example, cn=Administrator,ou=Static Domain Users,dc=static,dc=ciscoas,dc=ad. Refer to http://msdn2.microsoft.com/en-us/library/aa366101.aspx for more information and guidelines on how to configure the Distinguished Names.
For the LDAP Manager Distinguished Name, enter the user ID of the LDAP Manager, which can be up to 128 characters. The LDAP Manager is an administrative user that has access rights to the LDAP directory. Refer to LDAP Synchronization for more information.
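A quick offline format check for the value before you enter it in the LDAP Manager Distinguished Name field. This is an added example, not Cisco code. The function names split_rdns and check_manager_dn are hypothetical, and the checks are heuristics for the common wrong forms (UPN, DOMAIN\user, canonical name, missing dc= components, over 128 characters). It does not contact the directory.

```python
import re

MAX_LEN = 128  # limit the page gives for the LDAP Manager Distinguished Name
ATTR_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")  # short attribute name such as cn, ou, dc

def split_rdns(dn):
    """Split a DN on commas that are not escaped with a backslash."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]  # keep the escape pair together
            i += 2
            continue
        if ch == ",":
            parts.append(cur)
            cur = ""
        else:
            cur += ch
        i += 1
    parts.append(cur)
    return parts

def check_manager_dn(dn):
    """Return a list of problems; an empty list means the value has full DN form."""
    problems = []
    if len(dn) > MAX_LEN:
        problems.append("longer than 128 characters")
    if "=" not in dn:
        if "@" in dn:
            problems.append("looks like a userPrincipalName, not a DN")
        elif "\\" in dn:
            problems.append("looks like DOMAIN\\user, not a DN")
        elif "/" in dn:
            problems.append("looks like domain/OU/user form, not a DN")
        else:
            problems.append("bare user name, not a DN")
        return problems
    attrs = []
    for rdn in split_rdns(dn):
        attr, sep, value = rdn.strip().partition("=")
        if not sep or not ATTR_RE.match(attr.strip()) or not value.strip():
            problems.append(f"malformed component: {rdn.strip()!r}")
        else:
            attrs.append(attr.strip().lower())
    if attrs and "dc" not in attrs:
        problems.append("no dc= components; the domain part is missing")
    return problems
```

An empty result only means the string is well formed; the bind still fails if the entry does not exist at that path or the password is wrong.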