Reporting Configuration: Configure LDAP/AD

From DocWiki

(Difference between revisions)
Jump to: navigation, search
(Configure LDAP (Active Directory) for user authentication)
(Configure LDAP (Active Directory) for user authentication)
Line 48: Line 48:
| Release 8.0(1)
| Release 8.0(1)
! '''Associated CDETS #'''
! '''Associated CDETS#/ Similar SRs '''
| None'''
| 615387559 '''
[[Category: Configuration Examples]]
[[Category: Configuration Examples]]

Revision as of 08:02, 14 September 2010

Configure LDAP (Active Directory) for user authentication

Problem Summary Domain user cannot log in through LDAP server
Error Message Invalid username or password. Please try again.
Possible Cause The LDAP parameters are incorrect or incomplete
Recommended Action Sample parameters:
Host Address for Active Directory Server: 
port: 389 
"Use SSL" is not checked 
Host Address for Redundant Active Directory Server:
Manager Distinguished Name: CN=Administrator, CN=Users, DC=myCompany, DC=com 
Manager Password: <password for user administrator> 
User Search Base: CN=Users, DC=myCompany, DC=com 
Attribute for User ID: sAMAccountName 
Sample value 2 for Manager Distinguished Name: CN=user1,OU=icm8,OU=UCCE80,OU=Cisco_ICM_domain,DC=UCCE80,DC=cisco,DC=com
Sample value 3 for Manager Distinguished Name: CN=testuser,OU=Employees,OU=Cisco Users,DC=cisco,DC=com

Tip 1: The values of OU could be case sensitive. 
Tip 2: The max number of characters for Manager Distinguished Name field cannot exceed 85. 

Action Plan-1: Verify following in CUIC setup

1. Verify the users credentials are correct in Active Directory
2. Verify the user is logging in with the correct Domain pre-pended to their Active Directory username. Verify they have not been locked out in Active Directory for too many failed login attempts.
3. Verify that the Active Directory server configured in OAMP is the same one used by UCCE/ICM. Verify the Manager Distinguished Name has the correct Domain name as that used by the ICM Server: CN=Administrator, CN=users, DC=MYDOMAIN, DC=COM

Action Plan-2: If Domain user is not able to login to CUIC yet, do the following:

Step-1: In OAMP Active Directory configuration page, check if User Search Base has 'CN=Users' in it. This is needed except incase User Search Base is already CN=Domain Users. Try To login to CUIC with supervisor name prepended with proper domain name
Step-2: If Step-1 doesn’t work, If user is not able to login still, modify to 'CN=Domain Users' in User Search Base and try to login 
Step-3: If Step-2 doesn’t work, change following
 Attribute for User ID = userPrincipalName 
 User Search Base search base, modify to = CN=Domain Users
And then try to login to CUIC with user id as (for this to work Ldap should be configured to accept both UserPrincipleName for login)

Release Release 8.0(1)
Associated CDETS#/ Similar SRs 615387559

Rating: 0.0/5 (0 votes cast)

Personal tools