Cisco Unified MeetingPlace, Release 6.x -- Problems with LDAP Authentication
Users Are Not Being Authenticated
If Cisco Unified MeetingPlace Web Conferencing is configured for LDAP authentication, but users are not being properly authenticated, check the Cisco Unified MeetingPlace eventlog. LDAP messages appear in the eventlog every time an authentication is performed. To access the eventlog, right-click the Cisco Unified MeetingPlace icon in the system tray and choose Eventlog.
If the authentication is successful, you will see a message such as the following in the eventlog:
LDAP Authenticated user: <username>
If the authentication fails, one of the following error messages will be logged in the eventlog:
Error Message: LDAP could not find user: <username>
Explanation: The user was not found (LDAP_NO_SUCH_OBJECT).
Error Message: LDAP could not authenticate user: <username>
Explanation: The user supplied bad credentials (LDAP_INVALID_CREDENTIALS); this is typically caused by using the wrong password.
Error Message: ldap_simple_bind_s failed with error <hexadecimal number>
Explanation: This message is logged when the authentication fails for any reason other than user not found or bad credentials. The hexadecimal number in the error code indicates the failure reason. Descriptions of the hexadecimal codes can be found at http://msdn2.microsoft.com/en-us/library/aa367014.aspx.
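The following added example (not part of the Cisco documentation or product) classifies the eventlog messages listed above, counts failures per user, and decodes ldap_simple_bind_s error codes. It assumes the eventlog text has been copied to plain lines, that usernames contain no spaces, and that the hexadecimal number may appear with or without a 0x prefix; the sample lines and their timestamps are constructed.

```python
import re
from collections import Counter

# Subset of WinLDAP return codes, from the Microsoft LDAP return-value table.
LDAP_CODES = {
    0x07: "LDAP_AUTH_METHOD_NOT_SUPPORTED", 0x08: "LDAP_STRONG_AUTH_REQUIRED",
    0x30: "LDAP_INAPPROPRIATE_AUTH", 0x32: "LDAP_INSUFFICIENT_RIGHTS",
    0x34: "LDAP_UNAVAILABLE", 0x51: "LDAP_SERVER_DOWN", 0x55: "LDAP_TIMEOUT",
}
# Message texts as given in this document; the line prefix is ignored.
PATTERNS = [
    ("authenticated", re.compile(r"LDAP Authenticated user: (\S+)")),
    ("no_such_user", re.compile(r"LDAP could not find user: (\S+)")),
    ("bad_credentials", re.compile(r"LDAP could not authenticate user: (\S+)")),
    ("bind_error", re.compile(
        r"ldap_simple_bind_s failed with error (?:0x)?([0-9A-Fa-f]+)")),
]

def classify(line):
    """Return (kind, detail) for an LDAP eventlog line, or None if unrelated."""
    for kind, rx in PATTERNS:
        m = rx.search(line)
        if not m:
            continue
        if kind == "bind_error":
            code = int(m.group(1), 16)
            return kind, LDAP_CODES.get(code, f"unlisted code 0x{code:02x}")
        return kind, m.group(1)
    return None

def summarize(lines):
    """Count per-user failures and per-code bind errors."""
    failures, bind_errors = Counter(), Counter()
    for kind, detail in filter(None, map(classify, lines)):
        if kind in ("no_such_user", "bad_credentials"):
            failures[(detail, kind)] += 1
        elif kind == "bind_error":
            bind_errors[detail] += 1
    return failures, bind_errors

SAMPLE = [  # constructed sample lines, not real eventlog output
    "05/12 10:01:03 LDAP Authenticated user: jsmith",
    "05/12 10:02:10 LDAP could not authenticate user: CORP\\adoe",
    "05/12 10:02:15 LDAP could not authenticate user: CORP\\adoe",
    "05/12 10:03:00 LDAP could not find user: ghost",
    "05/12 10:04:41 ldap_simple_bind_s failed with error 0x51",
    "05/12 10:05:02 ldap_simple_bind_s failed with error 5b",
]

if __name__ == "__main__":
    failures, bind_errors = summarize(SAMPLE)
    print(failures.most_common(), bind_errors.most_common())
```

Repeated bad_credentials entries for one user, or many no_such_user entries across different names, are worth reviewing as possible password guessing rather than a configuration fault; bind errors such as LDAP_SERVER_DOWN point to connectivity instead.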
Common Problems with LDAP Distinguished Name Configuration
Note the following considerations for properly configuring the LDAP Distinguished Name (DN) field when configuring LDAP authentication on the Web Server:
- Cisco Unified MeetingPlace user profile login names are limited to 17 characters; therefore, the LDAP match must be 17 characters or less.
- You can only enter one value for the LDAP Distinguished Name (DN) field in the Cisco Unified MeetingPlace Web Conferencing directory configuration. If your users are segregated into multiple organizational units (OUs), you can work around this issue by using either the DOMAIN\USER or email@example.com format for the DN. When configuring the LDAP Distinguished Name field in Cisco Unified MeetingPlace Web Conferencing, enter just %USERNAME%, without specifying an OU, DC, or other parameter.
- If the LDAP server that is being used is the LDAP interface on a Microsoft Active Directory server, leave the DN field blank (empty) for authentication to work. When configured in this manner, the format of the usernames that the user enters must be DOMAIN\USER or firstname.lastname@example.org.