Active directory question

[jenalolo]

Hi it is CM/SM/SMGR 8.1. the active directory is working ok on Softphone Avaya IX workplace. I also configured vantage K175 phone but AD is not working on that hard phone. When i check the logs with wireshark it shows some binding error. Can somebody help??

 

[kyle555]

If it's AD, get Softerra LDAP Browser, it can log in to your AD with "currently logged in Windows user" and you'll see what the binding is like to compare

 

[jenalolo]

Hi Kyle, I am able to get the AD user on Softphone. It is the hard phone (K175 Vantage) i am getting error. Through wireshark i can see i am able to login but then it gave binding error. Any more help? Mean time i will download LDAP browser and will check.

 

[kyle555]

it should be the same stuff to bind via any softphone and the vantage. Heck, any Linux CLI with ldap tools installed should let you use the 'ldapsearch' command and use the same parameters to search ldap from a CLI if you were so inclined. If you're doing the same thing on both and it's not working on the Vantage, maybe you got a bug. Any weird characters?

 

[jenalolo]

Hi Kyle,
i am not sure regarding the search option included in 4xxsetting file. Can you put a sample/working LDAP parameters whxih should be included in 4xxsettings? What exactly parameters are used for binding purpose only?

 

[kyle555]

https://downloads.avaya.com/css/P8/documents/101061849

page 284

DIRENABLED_PLATFORM 1
DIRSRVR 10.10.10.10
DIRSRVRPRT 389
DIRTOPDN "CN=Users,DC=contoso,dc=com"
DIRSECURE 0

But I don't see anything about credentials in the config. That could make sense as putting usernames and passwords in a text file would be bad security practice. But, if you got into the settings and could put your own account to bind with your password, you'd be "CN=First Last,CN=Users,DC=contoso,DC=com

 

[jenalolo]

Still struggling, Below are the Wireshark capture of the error. The LDAP credentials and settings are working quite well on Avaya Workplace softphone. Any more help?

No. Time Source Destination Protocol Length Info
1209 198.052908 XX.XX.XX.XX XX.XX.XX.XX LDAP 68 bindRequest(1) "<ROOT>" simple
1210 198.053988 XX.XX.XX.XX XX.XX.XX.XX LDAP 76 bindResponse(1) success
1211 198.054586 XX.XX.XX.XX XX.XX.XX.XX LDAP 68 bindRequest(2) "<ROOT>" simple
1212 198.055770 XX.XX.XX.XX XX.XX.XX.XX LDAP 76 bindResponse(2) success
1219 198.808133 XX.XX.XX.XX XX.XX.XX.XX LDAP 216 searchRequest(3) "<ROOT>" wholeSubtree
1220 198.809157 XX.XX.XX.XX XX.XX.XX.XX LDAP 228 searchResDone(3) operationsError (000004DC: LdapErr: DSID-0C090A4C, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839) [0 results]
1222 198.876185 XX.XX.XX.XX XX.XX.XX.XX LDAP 225 searchRequest(4) "<ROOT>" wholeSubtree
1223 198.877292 XX.XX.XX.XX XX.XX.XX.XX LDAP 228 searchResDone(4) operationsError (000004DC: LdapErr: DSID-0C090A4C, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839) [0 results]
1236 199.423746 XX.XX.XX.XX XX.XX.XX.XX LDAP 61 unbindRequest(5)

 

[jimbojimbo]

If you are using 389/3268 check PSN 5526. Insecure LDAP binding will stop functioning with latest Microsoft security update.