Document ID: 100390
Introduction
During an attempt to integrate an Active Directory (AD) Lightweight Directory Access Protocol (LDAP) connection in Cisco CallManager 5.x and 6.x, the LDAP authentication fails with the Login Failure to Host ldap://<Ip Address:port no>, Please Re-Enter LDAP Manager Distinguished Name and Password error message. This document provides information on how to troubleshoot this issue.
Prerequisites
Requirements
There are no specific requirements for this document.
Components Used
This document is not restricted to specific software and hardware versions.
The information in this document is based on these software and hardware versions:
- Cisco CallManager 5.x and 6.x
- Microsoft Active Directory
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Conventions
Refer to Cisco Technical Tips Conventions for more information on document conventions.
Background Information
Before you troubleshoot the issue, check this in the Cisco CallManager server:
- Choose Cisco Unified OS administration > Services > Ping, and make sure you can ping your AD server.
- Choose System > LDAP > LDAP System, and make sure that Enable Synchronizing from LDAP Server is checked and the value for LDAP Server Type is Microsoft Active Directory.
Problem
When you try to set up the Active Directory (AD) LDAP in Cisco CallManager server with the LDAP Directory option, LDAP authentication fails with the Login Failure to Host ldap://<Ip Address:port no>, Please Re-Enter LDAP Manager Distinguished Name and Password error message.
Solution
This issue occurs when you use an incorrect LDAP Manager Distinguished Name in the LDAP Directory configuration.
- Make sure that the LDAP Manager Distinguished Name contains the complete canonical name. For example, cn=Administrator,ou=Static Domain Users,dc=static,dc=ciscoas,dc=ad. Refer to http://msdn2.microsoft.com/en-us/library/aa366101.aspx for more information and guidelines on how to configure the Distinguished Names.
- For the LDAP Manager Distinguished Name, enter the user ID (up to 128 characters) of the LDAP Manager, an administrative user who has access rights to the LDAP directory. Refer to LDAP Synchronization for more information.
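A syntax pre-check for the value entered as the LDAP Manager Distinguished Name, given here as an added example and not as Cisco code: it flags the usual non-DN forms (bare user name, user@domain, DOMAIN\user, slash-separated path) and the 128-character limit stated above. The function names and all sample inputs other than the page's example DN are assumptions, and the parsing is a simplified subset of RFC 4514.

```python
import re

MAX_LEN = 128  # field limit stated on this page
# One component: attribute type, '=', value. Simplified subset of RFC 4514.
_RDN = re.compile(r"^\s*[A-Za-z][A-Za-z0-9-]*\s*=\s*(?:\\.|[^\\,])+$")

def split_rdns(dn):
    """Split a DN on unescaped commas; a value may contain an escaped '\\,'."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        step = 2 if dn[i] == "\\" and i + 1 < len(dn) else 1
        if dn[i] == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(dn[i:i + step])
        i += step
    parts.append("".join(buf))
    return parts

def check_manager_dn(dn):
    """Return a list of problems; an empty list means the DN is well formed."""
    problems = []
    if len(dn) > MAX_LEN:
        problems.append("longer than 128 characters")
    if "=" not in dn:
        kind = ("a UPN (user@domain)" if "@" in dn else
                "DOMAIN\\user" if "\\" in dn else
                "a slash-separated path" if "/" in dn else "a bare user name")
        return problems + ["looks like %s, not a DN" % kind]
    rdns = split_rdns(dn)
    for rdn in rdns:
        if not _RDN.match(rdn):
            problems.append("malformed component: %r" % rdn.strip())
    types = [r.split("=", 1)[0].strip().lower() for r in rdns if "=" in r]
    if "dc" not in types:
        problems.append("no dc= components: the domain part is missing")
    elif types[0] == "dc":
        problems.append("starts with dc=: no user object is named")
    return problems

if __name__ == "__main__":
    # The first value is the example DN from this page; the others are constructed.
    for s in ("cn=Administrator,ou=Static Domain Users,dc=static,dc=ciscoas,dc=ad",
              "Administrator", "administrator@static.ciscoas.ad"):
        print(s, "->", check_manager_dn(s) or "OK")
```

A value that passes this check is only syntactically a DN; the account must still exist at that location in the directory and the password must be correct for the bind to succeed.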
Related Information
- LDAP Directory Integration
- Voice Technology Support
- Voice and Unified Communications Product Support
- Troubleshooting Cisco IP Telephony
- Technical Support & Documentation - Cisco Systems
Updated: Dec 16, 2007