LDAP in IP Office 11

[makemetrend]

LDAP not recognized by IP office

Here's the log in the Sysmon.

1393913mS LDAP Ev: Force Refresh
1394913mS LDAP Ev: Timeout, reason = 3
1394913mS LDAP Ev: client state = 6
1394913mS LDAP Ev: Timeout: FORCE_REFRESH
1394913mS LDAP Ev: Force Refresh timeout but have to close ldap client first.
1395913mS LDAP Ev: Timeout, reason = 3
1395913mS LDAP Ev: no client
1395913mS LDAP Ev: Timeout: FORCE_REFRESH
1395914mS LDAP Ev: Force Refresh started.
1395914mS LDAP Ev: LDAP directory update starting...
1395914mS LDAP Ev: LDAPClient: local IP addr = 10.20.5.45 found
1395917mS LDAP Ev: v=LDAPClient,p1=TCP_UP,p2=0,p3=0,p4=0,s1=
1395917mS LDAP Tx
[SEQUENCE]
[INTEGER] MessageID = 8
[BIND_REQUEST]
[INTEGER] Version = 2
[OCTET_STRING] Name = "DMWAI\ipofcadm"
[CONTEXT-SPECIFIC 0] Authentication = Simple "P@ssw0rd"
1395917mS LDAP Ev: LDAP: sent bind
1395919mS LDAP Rx
[SEQUENCE]
[INTEGER] MessageID = 8
[BIND_RESPONSE]
[ENUMERATED] Result Code = LDAP_INVALID_CREDENTIALS
[OCTET_STRING] Matched DN = ""
[OCTET_STRING] Error Message = "8009030C: LdapErr: DSID-0C09042A, comment: AcceptSecurityContext error, data 2030, v3839"
1395920mS LDAP Ev: username/password invalid
1395920mS LDAP Ev: v=LDAPClient,p1=BIND_NOK,p2=0,p3=0,p4=0,s1=
1395920mS LDAP Ev: closing TCP


I already tried the username: username@company.com but still no luck.

any suggestion?

our ldap was stored in AD

 

[derfloh]

The username will be something like cn=ipocfadm,dc=DMWAI,dc=com

If it is an Active Directory you can find the correct user name with ADSI Editor.

Need some help with IP Office?

https://www.fwilke.com/home

CLI based cale blocking:

https://blog.fwilke.com/ip-office-block-calls-from-specific-cli/

SCN fallback over PSTN:

https://blog.fwilke.com/ip-office-scn-fallback/

 

[makemetrend]

Hi derfloh

also would like to ask why is that the ldapclient is 10.20.5.45 - thats the IP of our IP Office.

in your suggestion will I puot that on search base?

 

[makemetrend]

Hi Derfloh,

still no luck I tried ipofcadm@dmwai.com

still invalid credentials on sysmon

 

[derfloh]

Again... You need the LDAP CN of the user in LDAP notation.

Need some help with IP Office?

https://www.fwilke.com/home

CLI based cale blocking:

https://blog.fwilke.com/ip-office-block-calls-from-specific-cli/

SCN fallback over PSTN:

https://blog.fwilke.com/ip-office-scn-fallback/

 

[makemetrend]

Hi Derfloh,

we have J169 Phones and it shows the directory while J129 still no luck

 

[robboardman]

I think j129 can only show personal contacts

Rob

 

[makemetrend]

we have 200 phones for this client. Do you mean I need to manually input? O.O

 

[robboardman]

you can import in to each contacts

rob

 

[makemetrend]

could you teach me how?

 

[derfloh]

That has nothing to do with the initial LDAP issue?

You can create a few contacts in the user's directory tab with Manager, export them as CSV. Then edit the file with the needed contacts and import it again.

As soon as you know the correct CSV format you don't need to export anymore.

Need some help with IP Office?

https://www.fwilke.com/home

CLI based cale blocking:

https://blog.fwilke.com/ip-office-block-calls-from-specific-cli/

SCN fallback over PSTN:

https://blog.fwilke.com/ip-office-scn-fallback/

 

[MrFooF]

Hello,
Same day, same issue :

https://www.tek-tips.com/viewthread.cfm?qid=1794874

I didn't find a solution.
did you ?

 

[makemetrend]

still no luck. reply on this thread once you got the solution

 

[janni78]

This post is all over the place

Is the problem still that you get Invalid Password when trying to connect to the LDAP servern?
If so then it's the LDAP server that is sending that response so you need to know what the server expects.

"Trying is the first step to failure..." - Homer

 

[makemetrend]

the username and password. matched on the username and password on IP office

 

[MrFooF]

Hello , it could come from simple bind that is not supported.

I tried ldp.exe tool to connect to AD-LDS

ld = ldap_open("127.0.0.1", 389);
Established connection to 127.0.0.1.
Retrieving base DSA information...
Getting 1 entries:
Dn: (RootDSE)
configurationNamingContext: CN=Configuration,CN={70259EB8-5F7D-4F27-8C08-8ABD67ED7C7D}; 
currentTime: 23/05/2019 15:42:30 Paris, Madrid; 
dnsHostName: IPOffice; 
domainControllerFunctionality: 7 = ( WIN2016 ); 
dsServiceName: CN=NTDS Settings,CN=IPOFFICE$Annuaire,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,CN={70259EB8-5F7D-4F27-8C08-8ABD67ED7C7D}; 
forestFunctionality: 2 = ( WIN2003 ); 
highestCommittedUSN: 13692; 
isSynchronized: TRUE; 
namingContexts (3): CN=Configuration,CN={70259EB8-5F7D-4F27-8C08-8ABD67ED7C7D}; CN=Schema,CN=Configuration,CN={70259EB8-5F7D-4F27-8C08-8ABD67ED7C7D}; DC=IPOffice,DC=local; 
schemaNamingContext: CN=Schema,CN=Configuration,CN={70259EB8-5F7D-4F27-8C08-8ABD67ED7C7D}; 
serverName: CN=IPOFFICE$Annuaire,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,CN={70259EB8-5F7D-4F27-8C08-8ABD67ED7C7D}; 
subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,CN={70259EB8-5F7D-4F27-8C08-8ABD67ED7C7D}; 
supportedCapabilities (7): 1.2.840.113556.1.4.1851 = ( ACTIVE_DIRECTORY_ADAM ); 1.2.840.113556.1.4.1670 = ( ACTIVE_DIRECTORY_V51 ); 1.2.840.113556.1.4.1791 = ( ACTIVE_DIRECTORY_LDAP_INTEG ); 1.2.840.113556.1.4.1935 = ( ACTIVE_DIRECTORY_V61 ); 1.2.840.113556.1.4.2080 = ( ACTIVE_DIRECTORY_V61_R2 ); 1.2.840.113556.1.4.2237 = ( ACTIVE_DIRECTORY_W8 ); 1.2.840.113556.1.4.1880 = ( ACTIVE_DIRECTORY_ADAM_DIGEST ); 
supportedControl (38): 1.2.840.113556.1.4.319 = ( PAGED_RESULT ); 1.2.840.113556.1.4.801 = ( SD_FLAGS ); 1.2.840.113556.1.4.473 = ( SORT ); 1.2.840.113556.1.4.528 = ( NOTIFICATION ); 1.2.840.113556.1.4.417 = ( SHOW_DELETED ); 1.2.840.113556.1.4.619 = ( LAZY_COMMIT ); 1.2.840.113556.1.4.841 = ( DIRSYNC ); 1.2.840.113556.1.4.529 = ( EXTENDED_DN ); 1.2.840.113556.1.4.805 = ( TREE_DELETE ); 1.2.840.113556.1.4.521 = ( CROSSDOM_MOVE_TARGET ); 1.2.840.113556.1.4.970 = ( GET_STATS ); 1.2.840.113556.1.4.1338 = ( VERIFY_NAME ); 1.2.840.113556.1.4.474 = ( RESP_SORT ); 1.2.840.113556.1.4.1339 = ( DOMAIN_SCOPE ); 1.2.840.113556.1.4.1340 = ( SEARCH_OPTIONS ); 1.2.840.113556.1.4.1413 = ( PERMISSIVE_MODIFY ); 2.16.840.1.113730.3.4.9 = ( VLVREQUEST ); 2.16.840.1.113730.3.4.10 = ( VLVRESPONSE ); 1.2.840.113556.1.4.1504 = ( ASQ ); 1.2.840.113556.1.4.1852 = ( QUOTA_CONTROL ); 1.2.840.113556.1.4.802 = ( RANGE_OPTION ); 1.2.840.113556.1.4.1907 = ( SHUTDOWN_NOTIFY ); 1.2.840.113556.1.4.1948 = ( RANGE_RETRIEVAL_NOERR ); 1.2.840.113556.1.4.1974 = ( FORCE_UPDATE ); 1.2.840.113556.1.4.1341 = ( RODC_DCPROMO ); 1.2.840.113556.1.4.2026 = ( DN_INPUT ); 1.2.840.113556.1.4.2064 = ( SHOW_RECYCLED ); 1.2.840.113556.1.4.2065 = ( SHOW_DEACTIVATED_LINK ); 1.2.840.113556.1.4.2066 = ( POLICY_HINTS_DEPRECATED ); 1.2.840.113556.1.4.2090 = ( DIRSYNC_EX ); 1.2.840.113556.1.4.2205 = ( UPDATE_STATS ); 1.2.840.113556.1.4.2204 = ( TREE_DELETE_EX ); 1.2.840.113556.1.4.2206 = ( SEARCH_HINTS ); 1.2.840.113556.1.4.2211 = ( EXPECTED_ENTRY_COUNT ); 1.2.840.113556.1.4.2239 = ( POLICY_HINTS ); 1.2.840.113556.1.4.2255; 1.2.840.113556.1.4.2256; 1.2.840.113556.1.4.2309; 
supportedLDAPPolicies (20): MaxPoolThreads; MaxPercentDirSyncRequests; MaxDatagramRecv; MaxReceiveBuffer; InitRecvTimeout; MaxConnections; MaxConnIdleTime; MaxPageSize; MaxBatchReturnMessages; MaxQueryDuration; MaxDirSyncDuration; MaxTempTableSize; MaxResultSetSize; MinResultSets; MaxResultSetsPerConn; MaxNotificationPerConn; MaxValRange; MaxValRangeTransitive; ThreadMemoryLimit; SystemMemoryLimitPercent; 
supportedLDAPVersion (2): 3; 2; 
[b]supportedSASLMechanisms (4): GSSAPI; GSS-SPNEGO; EXTERNAL; DIGEST-MD5;[/b] 

-----------
res = ldap_simple_bind_s(ld, 'LDSync', <unavailable>); // v.3
Error <49>: ldap_simple_bind_s() failed: Informations d’identification non valides
Server error: 8009030C: LdapErr: DSID-0C09042A, comment: AcceptSecurityContext error, data 2030, v3839
Error 0x8009030C La tentative d’ouverture de session a échoué

It is OK when using User/Password/Domain auth ( the second one )
Problem seems to be on auth methods supported by AD-LDS.

 

[derfloh]

Again... Did you try to use a username in LDAP notation?

Need some help with IP Office?

https://www.fwilke.com/home

CLI based cale blocking:

https://blog.fwilke.com/ip-office-block-calls-from-specific-cli/

SCN fallback over PSTN:

https://blog.fwilke.com/ip-office-scn-fallback/

 

[janni78]

You LDAP server needs to support simple authentication.

"Trying is the first step to failure..." - Homer

 

[makemetrend]

Avaya support told that directories didnt support j129 Phones.

 

[sizbut]

It was never going to work because even if you did get it work work you would have found out why they don't support the IP Office system directory contacts - the port J129 just doesn't have the memeory to cope with up to 10,000 directory records. You've been trying to workaround something that has been deliberately blocked.

Stuck in a never ending cycle of file copying.