Reporting Configuration: Configure LDAP/AD

From DocWiki


Revision as of 07:54, 14 September 2010

Configure LDAP (Active Directory) for user authentication

Problem Summary: Domain user cannot log in through LDAP server
Error Message: Invalid username or password. Please try again.
Possible Cause: The LDAP parameters are incorrect or incomplete
Recommended Action: Sample parameters:
Host Address for Active Directory Server: 192.168.1.2
Port: 389
"Use SSL" is not checked
Host Address for Redundant Active Directory Server:
Manager Distinguished Name: CN=Administrator, CN=Users, DC=myCompany, DC=com
Manager Password: <password for user administrator>
User Search Base: CN=Users, DC=myCompany, DC=com
Attribute for User ID: sAMAccountName
Sample value 2 for Manager Distinguished Name: CN=user1,OU=icm8,OU=UCCE80,OU=Cisco_ICM_domain,DC=UCCE80,DC=cisco,DC=com
Sample value 3 for Manager Distinguished Name: CN=testuser,OU=Employees,OU=Cisco Users,DC=cisco,DC=com

Tip 1: The values of OU may be case sensitive.
Tip 2: The Manager Distinguished Name field cannot exceed 85 characters.

Action Plan-1: Verify the following in the CUIC setup

1. Verify that the user's credentials are correct in Active Directory.
2. Verify that the user is logging in with the correct domain prepended to their Active Directory username, and that they have not been locked out in Active Directory for too many failed login attempts.
3. Verify that the Active Directory server configured in OAMP is the same one used by UCCE/ICM. Verify that the Manager Distinguished Name uses the same domain name as the ICM server: CN=Administrator, CN=users, DC=MYDOMAIN, DC=COM

Action Plan-2: If the LDAP user still cannot log in to CUIC, do the following:

Step-1: In the OAMP Active Directory configuration page, check whether User Search Base contains 'CN=Users'. This is needed unless User Search Base is already CN=Domain Users. Try to log in to CUIC with the supervisor name prepended with the proper domain name.
Step-2: If Step-1 doesn't work and the user still cannot log in, change User Search Base to 'CN=Domain Users' and try to log in.
Step-3: If Step-2 doesn't work, change the following:
 Attribute for User ID = userPrincipalName
 User Search Base = CN=Domain Users
Then try to log in to CUIC with the user ID testuser@bioscripinc.net (for this to work, LDAP should be configured to accept userPrincipalName for login).
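
A pre-flight check of the settings covered by the tips and action plans above, as an added example (not Cisco's code and not part of the original article). The dictionary keys, the `icm_domain` argument, the sample login IDs and the second configuration are assumptions constructed for the illustration; the port 389 finding goes beyond the page and reflects how a simple bind behaves on plain LDAP.

```python
import re

MAX_MANAGER_DN = 85  # field limit stated in Tip 2

def parse_dn(dn):
    """Split a DN into (TYPE, value) pairs; a backslash-escaped comma stays in the value."""
    pairs = []
    for rdn in re.findall(r"(?:\\.|[^,\\])+", dn):
        attr, sep, value = rdn.strip().partition("=")
        if not (sep and attr.strip() and value.strip()):
            raise ValueError(f"malformed RDN: {rdn!r}")
        pairs.append((attr.strip().upper(), value.strip()))
    return pairs

def domain_of(dn):
    """Dotted, lower-cased domain built from the DC components (mycompany.com)."""
    return ".".join(v.lower() for t, v in parse_dn(dn) if t == "DC")

def check_config(cfg, icm_domain, login_id):
    """Return findings for one settings page. cfg keys are names assumed for this example."""
    findings = []
    mgr, base = cfg["manager_dn"], cfg["user_search_base"]
    if len(mgr) > MAX_MANAGER_DN:
        findings.append(f"Manager DN is {len(mgr)} characters; limit is {MAX_MANAGER_DN}")
    # Action Plan-1, item 3 (Manager DN); checking the search base too is an assumption.
    for label, dn in (("Manager DN", mgr), ("User Search Base", base)):
        if domain_of(dn) != icm_domain.lower():
            findings.append(f"{label} domain {domain_of(dn)!r} is not {icm_domain!r}")
    # Action Plan-2, Step-1 and Step-2: CN=Users or CN=Domain Users in the search base.
    containers = {v.lower() for t, v in parse_dn(base) if t == "CN"}
    if not containers & {"users", "domain users"}:
        findings.append("User Search Base has neither CN=Users nor CN=Domain Users")
    # Step-3: with userPrincipalName the login ID takes the user@domain form.
    if cfg["user_id_attribute"] == "userPrincipalName" and "@" not in login_id:
        findings.append("userPrincipalName login IDs take the form user@domain")
    # Not from the page: plain LDAP on 389 carries a simple-bind password unencrypted.
    if cfg["port"] == 389 and not cfg["use_ssl"]:
        findings.append("port 389 without SSL: bind password is sent unencrypted")
    return findings

# The page's sample parameters, followed by a constructed misconfiguration.
PAGE_SAMPLE = {"port": 389, "use_ssl": False, "user_id_attribute": "sAMAccountName",
               "manager_dn": "CN=Administrator, CN=Users, DC=myCompany, DC=com",
               "user_search_base": "CN=Users, DC=myCompany, DC=com"}
BROKEN = {"port": 636, "use_ssl": True, "user_id_attribute": "userPrincipalName",
          "manager_dn": "CN=svc,OU=Apps,DC=lab,DC=example",
          "user_search_base": "OU=Staff,DC=myCompany,DC=com"}

if __name__ == "__main__":
    for name, cfg, login in (("page sample", PAGE_SAMPLE, "MYCOMPANY\\supervisor1"),
                             ("constructed", BROKEN, "supervisor1")):
        print(name, check_config(cfg, "myCompany.com", login) or "no findings")
```

Run against the page's sample parameters, the only finding is the unencrypted bind on port 389; the constructed configuration trips the domain, search-base and login-form checks.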


Release: Release 8.0(1)
Associated CDETS #: None
