Reporting Configuration: Configure LDAP/AD

From DocWiki

(Difference between revisions)
(Removing all content from page)
Line 1: Line 1:
-
== Configure LDAP (Active Directory) for user authentication ==
 
-
{| border="1"
 
-
|-
 
-
! '''Problem Summary'''
 
-
| Domain user cannot log in through LDAP server
 
-
|-
 
-
! '''Error Message'''
 
-
|  Invalid username or password. Please try again.
 
-
|-
 
-
! '''Possible Cause'''
 
-
| The LDAP parameters are incorrect or incomplete
 
-
|-
 
-
! '''Recommended Action'''
 
-
|Sample parameters:
 
-
Host Address for Active Directory Server: 192.168.1.2
 
-
port: 389
 
-
"Use SSL" is not checked
 
-
Host Address for Redundant Active Directory Server:
 
-
Manager Distinguished Name: CN=Administrator, CN=Users, DC=myCompany, DC=com
 
-
Manager Password: <password for user administrator>
 
-
User Search Base: CN=Users, DC=myCompany, DC=com
 
-
Attribute for User ID: sAMAccountName
 
-
 
-
Sample value 2 for Manager Distinguished Name: CN=user1,OU=icm8,OU=UCCE80,OU=Cisco_ICM_domain,DC=UCCE80,DC=cisco,DC=com
 
-
Sample value 3 for Manager Distinguished Name: CN=testuser,OU=Employees,OU=Cisco Users,DC=cisco,DC=com
 
-
 
-
Tip 1: The values of OU could be case sensitive.
 
-
Tip 2: The max number of characters for Manager Distinguished Name field cannot exceed 85.
 
-
 
-
'''Action Plan-1:''' Verify following in CUIC setup
 
-
1. Verify the users credentials are correct in Active Directory
 
-
2. Verify the user is logging in with the correct Domain pre-pended to their Active Directory username. Verify they have not been locked out in Active Directory for too many failed login attempts.
 
-
3. Verify that the Active Directory server configured in OAMP is the same one used by UCCE/ICM. Verify the Manager Distinguished Name has the correct Domain name as that used by the ICM Server: CN=Administrator, CN=users, DC=MYDOMAIN, DC=COM
 
-
 
-
'''Action Plan-2:''' If Domain user is not able to login to CUIC yet, do the following:
 
-
 
-
Step-1: In OAMP Active Directory configuration page, check if User Search Base has 'CN=Users' in it. This is needed except incase User Search Base is already CN=Domain Users. Try To login to CUIC with supervisor name prepended with proper domain name
 
-
Step-2: If Step-1 doesn’t work, If user is not able to login still, modify to 'CN=Domain Users' in User Search Base and try to login
 
-
Step-3: If Step-2 doesn’t work, change following
 
-
  Attribute for User ID = userPrincipalName
 
-
  User Search Base search base, modify to = CN=Domain Users
 
-
And then try to login to CUIC with user id as testuser@bioscripinc.net (for this to work Ldap should be configured to accept both UserPrincipleName for login)
 
-
 
-
'''If AD user is still not able to login
 
-
'''
 
-
1.Login to Active directory using 'Active Directory Explorer by Microsoft' or Softerra LDAP browser
 
-
2.Navigate to the AD account name
 
-
3.Look for attribute distinguishedName, it would be something like "CN=UserName,DC=Users,DC=CompanyName,DC=COM...."
 
-
4.Copy every thing from distinguishedName except CN=UserName to 'User Search Base' element in OAMP Active directory configuration page
 
-
5.Make 'User ID Attribute' to userPrincipleName and from LDAP browser findout the userPrincipleName Attibute
 
-
Use the same thing to login to CUIC, login name would be like testuser@company.com
 
-
6.If user is not able to login to CUIC, then problem might be with Active directory LDAP authentication, then
 
-
Make 'User ID Attribute' to samAccountName and from LDAP browser find out the samAccountName Attibute
 
-
Use the same thing to login to CUIC, login name would be like 'company\testuser'
 
-
 
-
|-
 
-
! '''Release'''
 
-
| Release 8.0(1)
 
-
|-
 
-
! '''Associated CDETS#/ Similar SRs '''
 
-
|  614786193,615387559,614830251, cdets-defectid:CSCth62535 '''
 
-
|-
 
-
|}
 
-
[[Category:Unified IC, Release 8.0]]
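Review bot: the edit summary "(Removing all content from page)" gives no reason for blanking the whole troubleshooting entry and no pointer to where the guidance now lives, so anyone hitting "Invalid username or password. Please try again." loses both action plans with nothing in their place; state the reason or link the replacement page in the summary. If the text is restored or moved elsewhere, the "Recommended Action" sample should be revised first: port 389 with "Use SSL" not checked means the Manager Password and each user's password reach the directory unencrypted, and the sample Manager Distinguished Name is CN=Administrator, where a dedicated low-privilege bind account would limit what a leaked Manager Password exposes. The later steps also spell the attribute "userPrincipleName" while Step-3 uses the correct userPrincipalName, and the login example testuser@bioscripinc.net uses a specific external domain rather than a placeholder like the testuser@company.com used further down.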
 

Revision as of 08:54, 21 September 2010

