Known Issue: Cisco Unified Personal Communicator Fails to Connect to LDAP



You must integrate LDAP with Cisco Unified Personal Communicator. If this integration fails, Cisco Unified Personal Communicator will not be able to search LDAP for contact information.


What Caused it?

Typically, this failure happens if one of these conditions is true:

  1. Incorrectly configured LDAP server address or port number on the LDAP server
  2. Incorrectly configured Distinguished Name in the LDAP profile, or incorrect format used
  3. Incorrectly configured password in the LDAP profile, or the account has been locked out


What Can You Do?

1. Incorrectly configured LDAP server address or port number on the LDAP server

Possible Solutions

  • Consult the LDAP Administrator, and verify that the LDAP address and port number are correct.
  • Telnet to the LDAP address (192.168.1.10) and port number (3268) to verify the connection. Open a command prompt on a Windows machine, and type this:
telnet 192.168.1.10 3268

Results:

If a blinking cursor displays, it confirms that the connection was established with the LDAP server.

If a message of this type (below) displays, it confirms that the connection could not be established with the LDAP server:

Connecting To 192.168.1.10...Could not open connection to the host, on port 3268: Connect failed


2. Incorrectly configured Distinguished Name in the LDAP profile, or incorrect format used


Possible Solutions

Use a dsquery command to verify the Distinguished Name, as the following example shows:

C:\>dsquery user -samid cupcldap
"CN=CUPC LDAP, OU=Service Accounts, DC=r7,DC=com"


3. Incorrectly configured password in the LDAP profile, or the account has been locked out

To fix this issue, you need to first understand how the authentication between Cisco Unified Personal Communicator and LDAP works:

  • When Cisco Unified Personal Communicator signs in, the client application downloads the LDAP DN and password from the Cisco Unified Presence server.
  • Cisco Unified Personal Communicator uses the LDAP DN and password to authenticate with the LDAP server and perform binding.
  • Cisco Unified Personal Communicator will not receive updated configuration data until its next logon.

If the wrong LDAP information downloads to Cisco Unified Personal Communicator (for whatever reason), it locks out the LDAP account after three attempts. To recover from a lockout, take these steps in sequence:

  1. Go to Cisco Unified Personal Communicator and select Application > Cisco Unified Personal Communicator > LDAP Profile.
  2. Update the LDAP configuration on the LDAP Profile Configuration page.
  3. Sign out of Cisco Unified Personal Communicator and then sign into it again.

This should resolve the issue if you only have one computer running Cisco Unified Personal Communicator.


Frequently Asked Questions for Persistent Problems!


What do I do if I have multiple computers running Cisco Unified Personal Communicator?


If multiple machines are running Cisco Unified Personal Communicator, you must ensure that all of them receive the updated LDAP configuration. To do so, locate each running instance of Cisco Unified Personal Communicator and, one by one, manually sign out and sign in again. If you fail to manually exit all instances of Cisco Unified Personal Communicator, the LDAP lockout issue will continue to occur, no matter how many times you unlock the account.


Isn't this manual exit of Cisco Unified Personal Communicator (on multiple computers) nearly impossible to do?

Yes, it is very difficult if not impossible to achieve this on a per-computer basis. Unfortunately, there is no centralized mechanism to do a batch job as a single action.


Is there a workaround?

Yes. Complete these steps once Cisco Unified Personal Communicator locks out the LDAP account.

  1. Create another LDAP account.
  2. Go to Cisco Unified Presence Administration and select Application > Cisco Unified Personal Communicator > LDAP Profile.
  3. Enter the new account information with care.


What Results Can I Expect?

  • Cisco Unified Personal Communicator instances that signed out and signed in again after your LDAP configuration change will receive the updated information and be able to search LDAP for contact information.
  • Cisco Unified Personal Communicator instances that did not sign out will continue to hit the LDAP account lockout issue. But because you have configured a new LDAP account, it does not matter.


What do I do if I believe that all computers running Cisco Unified Personal Communicator have been logged out, but the LDAP account continues to lock?

  1. Go to the Active Directory server (domain controller), and select Event Viewer > Security log.
  2. Check all the audit failure events.

Result: You will see the details of the computer that locked out the LDAP account.
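
The Security-log check above can be scripted once the log has been exported as XML. The following is an added example, not part of the original Cisco page: it counts failed logons (event 4625) for the LDAP account by source address and reason, and lockouts (event 4740) by caller computer. The event IDs and field names are standard Windows Security events that the page does not name; the sample events, hosts and addresses are constructed, and the account name cupcldap is taken from the dsquery example.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# SubStatus (NTSTATUS) values carried by event 4625, mapped to the causes above.
SUBSTATUS = {"0xc0000064": "unknown account name",
             "0xc000006a": "wrong password",
             "0xc0000234": "account locked out"}

def _event(event_id, **fields):
    """Build one constructed event in the Windows event XML layout."""
    data = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in fields.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID>'
            f'</System><EventData>{data}</EventData></Event>')

# Constructed sample export: account name, hosts and addresses are illustrative.
SAMPLE = "<Events>" + "".join(
    [_event(4625, TargetUserName="cupcldap", IpAddress="10.0.5.21",
            SubStatus="0xC000006A")] * 3
    + [_event(4740, TargetUserName="cupcldap", TargetDomainName="WS-0142"),
       _event(4625, TargetUserName="cupcldap", IpAddress="10.0.5.21",
              SubStatus="0xC0000234"),
       _event(4625, TargetUserName="cupcldap", IpAddress="10.0.7.8",
              SubStatus="0xC000006A"),
       _event(4625, TargetUserName="jdoe", IpAddress="10.0.5.99",
              SubStatus="0xC000006A")]) + "</Events>"

def lockout_sources(xml_text, account):
    """Count failed logons per (source IP, reason) and lockouts per caller."""
    failures, lockouts = Counter(), Counter()
    for ev in ET.fromstring(xml_text).iterfind(".//e:Event", NS):
        event_id = ev.findtext("e:System/e:EventID", namespaces=NS)
        data = {d.get("Name"): d.text or ""
                for d in ev.iterfind("e:EventData/e:Data", NS)}
        if data.get("TargetUserName", "").lower() != account.lower():
            continue  # event is about a different account
        if event_id == "4625":  # failed logon
            reason = SUBSTATUS.get(data.get("SubStatus", "").lower(), "other")
            failures[(data.get("IpAddress", "-"), reason)] += 1
        elif event_id == "4740":  # account locked out
            # 4740 stores the caller computer name in TargetDomainName.
            lockouts[data.get("TargetDomainName", "-")] += 1
    return failures, lockouts

if __name__ == "__main__":
    failures, lockouts = lockout_sources(SAMPLE, "cupcldap")
    for (ip, reason), n in failures.most_common():
        print(f"{n:3d} failed logons from {ip}: {reason}")
    for caller, n in lockouts.items():
        print(f"{n:3d} lockouts attributed to {caller}")
```

A source that keeps producing "wrong password" failures after the LDAP profile was updated is a Cisco Unified Personal Communicator instance that has not yet signed out and in again.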
