  • LDAP Integration

    I need help setting up LDAP integration with 9.1 or 9.2.... I got the LDAP path setting in place. The problem I am having is that when I go to create a user account, the "Show From AD" and "Sync From AD" buttons are grayed out....

    Company name is: Cetxc

    LDAP://DCName.cetxc.com/CN=Users,DC=cetxc,DC=com

  • #2
    Make sure you set up the delegation as per the app note from ShoreTel. I have also found that closing the browser and reopening it can help; once you can get single sign-on for Director working, everything else should start working as well.



    • #3
      Yes... I have set up the delegation per the ShoreTel doc... Once I got the LDAP path to take, I even rebooted the server. Still, those two buttons are greyed out. The delegation steps that I performed are below....

      How to enable Active Directory delegation on the HQ server
      1. Steps to enable Active Directory delegation:
         a. Make sure you 'Delegate' your ST9 (and higher) system computer in AD by doing this:
         b. Start | Run | type 'mmc'
         c. Under File in the menu, select Add/Remove Snap-in. The 'Add/Remove Snap-in' dialog box will appear.
         d. Click the 'Add' button in the 'Add/Remove Snap-in' dialog box.
         e. You will see the 'Add Standalone Snap-in' dialog box. Select 'Active Directory Users and Computers' and then click Add again. Close 'Add Standalone Snap-in'.
         f. In the console window, expand Active Directory Users and Computers.
            1. Select your domain, e.g. domainname.companyname.com.
            2. Then select Computers. Select the HQ system computer.
            3. Right-click it and select Properties.
            4. Then select Delegation | select 'Trust this computer for delegation to specified services only'.
            5. Then select 'Use any authentication protocol'.
         g. Then click Add.
         h. Then click 'Users and Computers', type the name of the domain controller and click OK.
         i. Then choose 'ldap' for the service type. Then click Apply and OK.



      • #4
        Don't know if it will make a difference, but we only put in our root domain as the LDAP string:

        LDAP://domain.local



        • #5
          Originally posted by AdvanceIT:
          Don't know if it will make a difference, but we only put in our root domain as the LDAP string:

          LDAP://domain.local
          This was the only way I could get it to work.



          • #6
            I have tried that too and it doesn't work.



            • #7
              It took us a while to get the right string. Two things to try/confirm:

              1) Make sure LDAP is capitalized in your connect string: LDAP://... (everything else is lower case for us)

              2) Try only using LDAP://domain.local/dc=domain,dc=local

              If that works, you can start going farther into your directory with OUs and CNs.

              Try doing an nslookup from a command prompt for domain.local; make sure that returns addresses for your DCs. We use domain.local since that returns a functioning DC. If you get more specific (i.e. dc1.domain.local), then if that one goes down, your connection goes away.



              • #8
                I am getting the same issues and assume it's an authentication problem after reading the second post on delegation. I had not seen this referenced anywhere else.

                Delegation is a problem in itself given that HQ is not a domain member, as recommended as best practice.

                What now ?

                Regards, J



                • #9
                  LDAP integration won't work at all unless the HQ server is a domain member. You should put it in its own OU with minimal policies applied; things like DCOM and IIS hardening normally break the ShoreTel software.



                  • #10
                    Doesn't joining the HQ server to an AD domain go against the recommendation?



                    • #11
                      Originally posted by chrisknight:
                      Doesn't joining the HQ server to an AD domain go against the recommendation?
                      You should not install ShoreWare with the server as part of the domain, but once you have installed it, you can add it to the domain. This has something to do with the installer needing to change DCOM permissions or something that developers can make more sense of than me.

                      As for the LDAP path, the app note on doing this isn't particularly enlightening, but I have been successful. The trick is to use the name of the domain controller that you specified in the delegation steps in the LDAP path rather than the domain.

                      So if you have a domain called MYCORP.local and a domain controller called MYDC, then you set up all the delegation stuff on the ShoreTel server against the domain controller, and your LDAP path would be something like LDAP://MYDC/DC=MYCORP,DC=local

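Posts #7 and #11 above disagree on whether the host part of the path should be the domain name or a single DC, and #7 adds the LDAP-capitalization and nslookup checks. The following is an added example, not code from the thread or from ShoreTel, that parses an ADsPath and reports those points; the `resolve` parameter is an assumption so the DNS step can be swapped out, and all sample paths are constructed.

```python
import re
import socket

# Accepts one RDN such as DC=mycorp, OU=Staff or CN=Users (case-insensitive).
DN_ATTR = re.compile(r"^(DC|OU|CN)=[^,=]+$", re.IGNORECASE)


def parse_adspath(path):
    """Split 'LDAP://host/DN' into scheme, host and a list of RDNs."""
    m = re.match(r"^([A-Za-z]+)://([^/]+)(?:/(.*))?$", path)
    if not m:
        raise ValueError("not an ADsPath: %r" % path)
    scheme, host, dn = m.group(1), m.group(2), m.group(3) or ""
    rdns = [r.strip() for r in dn.split(",")] if dn else []
    return {"scheme": scheme, "host": host, "rdns": rdns}


def check_adspath(path, domain, resolve=socket.gethostbyname_ex):
    """Return a list of findings for the path (empty means nothing to flag).

    domain  -- the AD DNS domain, e.g. 'mycorp.local'
    resolve -- DNS lookup function (hypothetical injection point so the check
               can run offline; defaults to the real gethostbyname_ex)
    """
    findings = []
    p = parse_adspath(path)
    # Post #7: the scheme is case-sensitive in the connect string.
    if p["scheme"] != "LDAP":
        findings.append("scheme must be exactly 'LDAP', got %r" % p["scheme"])
    bad = [r for r in p["rdns"] if not DN_ATTR.match(r)]
    if bad:
        findings.append("malformed RDN(s): %s" % ", ".join(bad))
    # The DC= components, joined with dots, should spell out the domain.
    dcs = [r.split("=", 1)[1].lower() for r in p["rdns"]
           if r.upper().startswith("DC=")]
    if dcs and ".".join(dcs) != domain.lower():
        findings.append("DN domain %r does not match %r" % (".".join(dcs), domain))
    # Post #7: a specific DC is a single point of failure; the domain name
    # resolves to whichever DC is up. Post #11 uses the DC name deliberately,
    # so this is reported as a note rather than an error.
    if p["host"].lower() != domain.lower():
        findings.append("note: host %r is a single DC; %r fails over" % (p["host"], domain))
    # The nslookup step from post #7, done programmatically.
    try:
        _, _, addrs = resolve(p["host"])
        if not addrs:
            findings.append("host %r resolved to no addresses" % p["host"])
    except OSError as e:
        findings.append("cannot resolve host %r: %s" % (p["host"], e))
    return findings
```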


                      • #12
                        Client login issue - Shoretel AD integration

                        Hello,

                        Thanks for this thread, it helped me get my integration set up in ShoreTel. So after using the correct LDAP path, essentially just the root host name as stated in this thread, the integration went smoothly. I was able to view AD details from my user account in ShoreTel and do a sync. I am able to access Director on my PC with single sign-on; it doesn't prompt for credentials at all.

                        Unfortunately, I can't get my ShoreTel Communicator to single sign-on too. I uninstalled it and reinstalled the software straight from the server, and when I configure it, it asks for my credentials to log in to ShoreTel. Moreover, when I type in my AD credentials, it states that the username cannot be found. Ideas? How does ShoreTel Communicator authenticate AD users?

                        Appreciate the help.



                        • #13
                          Originally posted by abowser:
                          Hello,

                          Thanks for this thread, it helped me get my integration set up in ShoreTel. So after using the correct LDAP path, essentially just the root host name as stated in this thread, the integration went smoothly. I was able to view AD details from my user account in ShoreTel and do a sync. I am able to access Director on my PC with single sign-on; it doesn't prompt for credentials at all.

                          Unfortunately, I can't get my ShoreTel Communicator to single sign-on too. I uninstalled it and reinstalled the software straight from the server, and when I configure it, it asks for my credentials to log in to ShoreTel. Moreover, when I type in my AD credentials, it states that the username cannot be found. Ideas? How does ShoreTel Communicator authenticate AD users?

                          Appreciate the help.
                          You need to make sure that the steps in the implementation article about enabling the delegation access are followed correctly.



                          • #14
                            For clarification, synchronizing AD changes into Director is still a manual process?

                            That's my basic understanding, but I'm hesitant to trust a post from 2 years ago; looking for something more recent to verify.



                            • #15
                              Make sure that your user account is Active Directory enabled and ensure the computer which has Communicator installed is part of your domain. It should sign you into Communicator without prompting you for credentials.
