CUCM LDAP Connection Problem || Error while connecting to ldap://ip-address:389, null

Last week, one of my customers changed their domain controller infrastructure, so the LDAP server IP address changed. I’m not only synchronizing the phone users from this LDAP server, but also managing user authentication through it. Afterwards, they sent me the new LDAP server IP address and I tried to synchronize users from the LDAP server.

The problem started at this point. The system had been working perfectly for a long time, but I could not get LDAP to initiate.

It gave an error like this:

Error while connection to ldap://ip-address:389, null

[Image: cucm_ldap_problem1]

It seemed that the LDAP server would not let me make a lookup, so I tried these steps:

  • Tried changing admin password,
  • Tried these formats:
    • username@domain.local,
    • username@domain.com,
    • DOMAIN\username
    • Full canonical name (cn=username, ou=users, dc=domain, dc=local)
  • Tried changing admin account’s credentials (it was under domain admin group, also added to administrators group),
  • Tried another admin account,
  • Tried another search base,
  • Tried with/without ldap custom filter

Nothing solved my problem.

By the way, I was able to connect successfully with telnet (C:\> telnet LDAP-SERVER-IP 389).
Also, I could verify for myself that I could make a lookup, but no answer came back from the LDAP server when the username or password was written wrong.

[Image: cucm_ldap_problem2]

So, to determine whether I could access the LDAP server successfully, I tried a third-party LDAP browser named “Softerra LDAP Browser”.

[Image: cucm_ldap_problem3]

It says “A stronger authentication method is required for this server.”

After a quick search, I found nothing on the Cisco support and configuration web pages that clearly resolved my issue. But I found an issue that affected Websense. I basically applied that solution to my case, and then everything was perfect, both synchronization and authentication.

[Image: cucm_ldap_problem4]

It says we need to change “Domain controller: LDAP server signing requirements” to NONE and “Network security: LDAP client signing requirements” to NEGOTIATE.
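
The Softerra message corresponds to LDAP result code 8 (strongerAuthRequired), which is distinct from code 49 (invalid credentials). The following Python is an added example, not part of the original post or any Cisco tooling: it builds a simple bind for the cleartext port 389 connection named in the error and decodes the server's BindResponse, so the two cases can be told apart. The function names and the sample response bytes are constructed for illustration.

```python
import socket

# RFC 4511 result codes relevant to the symptoms in this post
CODES = {
    0: "success: simple bind accepted",
    8: "strongerAuthRequired: server refuses a simple bind on this connection",
    49: "invalidCredentials: bind DN or password rejected",
}

def tlv(tag, value):  # encode one BER tag-length-value (definite length)
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + value

def read_tlv(buf, pos):  # decode the TLV at buf[pos] -> (tag, value, next_pos)
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:  # long form: low 7 bits give the number of length bytes
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def build_simple_bind(dn, password, msg_id=1):
    """LDAPv3 BindRequest using simple (DN + password) authentication."""
    body = tlv(0x02, b"\x03") + tlv(0x04, dn.encode()) + tlv(0x80, password.encode())
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x60, body))

def parse_bind_response(data):
    """Return (resultCode, diagnosticMessage) from an LDAP BindResponse."""
    _, msg, _ = read_tlv(data, 0)            # LDAPMessage SEQUENCE
    _, _, pos = read_tlv(msg, 0)             # messageID
    tag, op, _ = read_tlv(msg, pos)
    if tag != 0x61:                          # [APPLICATION 1] BindResponse
        raise ValueError("not a BindResponse")
    _, code, pos = read_tlv(op, 0)           # resultCode ENUMERATED
    _, _, pos = read_tlv(op, pos)            # matchedDN
    _, diag, _ = read_tlv(op, pos)           # diagnosticMessage
    return int.from_bytes(code, "big"), diag.decode(errors="replace")

def probe(host, dn, password, port=389, timeout=5):  # one cleartext simple bind
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_simple_bind(dn, password))
        code, diag = parse_bind_response(s.recv(4096))
    return code, CODES.get(code, "other result code"), diag

# Constructed sample: BindResponse with resultCode 8 (not captured from a real server)
SAMPLE = tlv(0x30, tlv(0x02, b"\x01") + tlv(
    0x61, tlv(0x0A, b"\x08") + tlv(0x04, b"") + tlv(0x04, b"constructed diagnostic")))
```

When the domain controller policy requires signing, Active Directory rejects simple binds on a cleartext connection but accepts them on a TLS-protected one such as LDAPS on port 636; `probe` as written only speaks cleartext LDAP.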

 

 

 

[Image: cucm_ldap_problem5]

I hope this is helpful and informative for you. If you encounter this, I suggest you first check all of the steps listed above, under the first picture.

PS: I also opened a TAC case and an engineer investigated the problem. He said “this is a server issue and you should forward this to your server administrator or solve yourself.”

One comment

  1. Nice post. I learn something totally new and challenging on websites I stumbleupon on a daily basis. It will always be useful to read content from other writers and practice something from other sites.