Reporting Configuration: Configure LDAP/AD

From DocWiki

(Difference between revisions)
Jump to: navigation, search
 
(5 intermediate revisions not shown)
Line 1: Line 1:
-
== Configure LDAP (Active Directory) for user authentication ==
+
'''This page has been moved to [http://docwiki.cisco.com/wiki/Reporting_Configuration:_Configure_LDAP_%28Active_Directory%29_for_user_authentication Reporting Configuration: Configure LDAP (Active Directory) for user authentication]'''
-
 
+
-
{| border="1"
+
-
|-
+
-
! '''Problem Summary'''
+
-
| Domain user cannot log in through LDAP server
+
-
|-
+
-
! '''Error Message'''
+
-
|  Invalid username or password. Please try again.
+
-
|-
+
-
! '''Possible Cause'''
+
-
| The LDAP parameters are incorrect or incomplete
+
-
|-
+
-
! '''Recommended Action'''
+
-
|Sample parameters:
+
-
Host Address for Active Directory Server: 192.168.1.2
+
-
port: 389
+
-
"Use SSL" is not checked
+
-
Host Address for Redundant Active Directory Server:
+
-
Manager Distinguished Name: CN=Administrator, CN=Users, DC=myCompany, DC=com  
+
-
Manager Password: <password for user administrator>
+
-
User Search Base: CN=Users, DC=myCompany, DC=com
+
-
Attribute for User ID: sAMAccountName
+
-
 
+
-
Sample value 2 for Manager Distinguished Name: CN=user1,OU=icm8,OU=UCCE80,OU=Cisco_ICM_domain,DC=UCCE80,DC=cisco,DC=com
+
-
Sample value 3 for Manager Distinguished Name: CN=testuser,OU=Employees,OU=Cisco Users,DC=cisco,DC=com
+
-
+
-
Tip 1: The values of OU could be case sensitive.
+
-
Tip 2: The max number of characters for Manager Distinguished Name field cannot exceed 85.
+
-
 
+
-
'''Action Plan-1:''' Verify following in CUIC setup
+
-
1. Verify the users credentials are correct in Active Directory
+
-
2. Verify the user is logging in with the correct Domain pre-pended to their Active Directory username. Verify they have not been locked out in Active Directory for too many failed login attempts.
+
-
3. Verify that the Active Directory server configured in OAMP is the same one used by UCCE/ICM. Verify the Manager Distinguished Name has the correct Domain name as that used by the ICM Server: CN=Administrator, CN=users, DC=MYDOMAIN, DC=COM
+
-
 
+
-
'''Action Plan-2:''' If Ldap user is not able to login to CUIC yet, do the following:
+
-
 
+
-
Step-1: In OAMP Active Directory configuration page, check if User Search Base has 'CN=Users' in it. This is needed except incase User Search Base is already CN=Domain Users. Try To login to CUIC with supervisor name prepended with proper domain name
+
-
Step-2: If Step-1 doesn’t work, If user is not able to login still, modify to 'CN=Domain Users' in User Search Base and try to login
+
-
Step-3: If Step-2 doesn’t work, change following
+
-
  Attribute for User ID = userPrincipalName
+
-
  User Search Base search base, modify to = CN=Domain Users
+
-
And then try to login to CUIC with user id as testuser@bioscripinc.net (for this to work Ldap should be configured to accept both UserPrincipleName for login)
+
-
 
+
-
 
+
-
|-
+
-
! '''Release'''
+
-
| Release 8.0(1)
+
-
|-
+
-
! '''Associated CDETS #'''
+
-
| None'''
+
-
|-
+
-
|}
+
-
[[Category: Configuration Examples]]
+

Latest revision as of 09:01, 21 September 2010

This page has been moved to Reporting Configuration: Configure LDAP (Active Directory) for user authentication

Rating: 0.0/5 (0 votes cast)

Personal tools