Mailing List Archive

Change your search space in the plugin to your whole Domain (domain.com)
rather then users.domain.com.

We had the same problem.

Scott

-----Original Message-----
From: Jeff Behl [mailto:jeff@expertcity.com]
Sent: Wednesday, April 21, 2004 10:03 AM
To: cisco-voip@puck.nether.net
Subject: [cisco-voip] ccmuser login...how to change BaseDN?

The windows guys decided to get fancy and moved users into OUs in active
directory, which of course made it so people logging into the
https://cm-1.corp/ccmuser/logon.asp page fail as the BaseDN for LDAP
queries is now different (people aren't in the
'cn=Users,ad=domain,ad=com' group anymore). Does anyone know how to
update the basedn? I've tried re-installing the AD pluggin, but even
though I updated the BaseDN there and rebooted, sniffing traffic still
shows a search using the old BaseDN. Help!

thx..

_______________________________________________
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip

Jeff,

The Directory plugin inserts the user creation base and user search base
into a container in the Cisco OU called the SystemProfile, specifically the
attributes:
UserBase
UserCreationBase

Can you check these values in AD using ADSIEdit and set to the appropriate
values? Normally I would expect the plugin to update these, but perhaps it
is being denied update access at install time? Sniffer trace during install
would prove yeah/nah.

/Wes

> -----Original Message-----
> From: cisco-voip-bounces@puck.nether.net
> [mailto:cisco-voip-bounces@puck.nether.net]On Behalf Of Jeff Behl
> Sent: Wednesday, April 21, 2004 1:03 PM
> To: cisco-voip@puck.nether.net
> Subject: [cisco-voip] ccmuser login...how to change BaseDN?
>
>
> The windows guys decided to get fancy and moved users into OUs in
> active directory, which of course made it so people logging into
> the https://cm-1.corp/ccmuser/logon.asp page fail as the BaseDN
> for LDAP queries is now different (people aren't in the
> 'cn=Users,ad=domain,ad=com' group anymore). Does anyone know how
> to update the basedn? I've tried re-installing the AD pluggin,
> but even though I updated the BaseDN there and rebooted, sniffing
> traffic still shows a search using the old BaseDN. Help!
>
> thx..
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip

I did...but it doesn't want to seem to take effect, ever after a reboot. When I re-installed the AD pluggin (and rebooted) a second time, it even had the new BaseDN pre-populated in the configurationo screen...so i don't know where it's still getting the old BaseDN.

I've only done this to the publisher, by the way, but it's also the machine I'm trying to login to via the ccmuser/logon.asp page, and where I'm seeing (via traffic snooping) the LDAP traffic originate to/from that has the wrong DN.

jeff



Voll, Scott wrote:

> Change your search space in the plugin to your whole Domain (domain.com)
> rather then users.domain.com.
>
> We had the same problem.
>
> Scott
>
> -----Original Message-----
> From: Jeff Behl [mailto:jeff@expertcity.com]
> Sent: Wednesday, April 21, 2004 10:03 AM
> To: cisco-voip@puck.nether.net
> Subject: [cisco-voip] ccmuser login...how to change BaseDN?
>
> The windows guys decided to get fancy and moved users into OUs in active
> directory, which of course made it so people logging into the
> https://cm-1.corp/ccmuser/logon.asp page fail as the BaseDN for LDAP
> queries is now different (people aren't in the
> 'cn=Users,ad=domain,ad=com' group anymore). Does anyone know how to
> update the basedn? I've tried re-installing the AD pluggin, but even
> though I updated the BaseDN there and rebooted, sniffing traffic still
> shows a search using the old BaseDN. Help!
>
> thx..
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip

After some sniffing I found a 'special' character in our password was being interpreted by the install pluggin which caused it to send over a bogus password during the bind procedure. Thanks to Wes for pointing out bug CSCeb55405.

New question: Now that the BaseDN is updated to reflect the entire domain ('ad=domain,ad=com' instead of 'cn=Users,ad=domain,ad=com'), I'm seeing 'reference URLs' being returned that point to every DC in the domain and watching the CallManager try and follow all of them. While eventually the query succeeds in going to the DC that was specified in the install (and which was queried first), it takes forever for requests to all the other DCs to timeout (they aren't accessible). With openldap you can specify 'referrals no' on the client end to make it not follow referrals. Is there a way to do this with the CM?

If anyone happens to know the answer to this, awesome, otherwise time to do battle with the Windows folks...who will assuredly have no idea what I'm talking about...

thx


Jeff Behl wrote:

> The windows guys decided to get fancy and moved users into OUs in active
> directory, which of course made it so people logging into the
> https://cm-1.corp/ccmuser/logon.asp page fail as the BaseDN for LDAP
> queries is now different (people aren't in the
> 'cn=Users,ad=domain,ad=com' group anymore). Does anyone know how to
> update the basedn? I've tried re-installing the AD pluggin, but even
> though I updated the BaseDN there and rebooted, sniffing traffic still
> shows a search using the old BaseDN. Help!
>
> thx..
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip