  • pls
    started a topic Using ports in LDAP string are not working

    Using ports in LDAP string are not working

    We are configuring a new system. We are on build 21.86.1828.0. We are trying to get Active Directory integration working. It seems to work using LDAP://domain1.anycompany.com/dc=anycompany,dc=com but because of security concerns this really is not an option. Documentation would suggest that we can use port numbers such as
    LDAP://domain1.anycompany.com:389/dc=anycompany,dc=com
    LDAP://domain1.anycompany.com:636/dc=anycompany,dc=com

    Neither of these works, and LDAPS://domain1.anycompany.com/dc=anycompany,dc=com does not work either.
    Any suggestions on why using a port number in the LDAP string does not work?
    Thanks

  • OcalaGator
    replied
    Are you requiring LDAP Signing by chance? I found similar behavior and after turning up the logging found out that Shoretel doesn't support this. Really kind of confusing as even cheap printers from years ago seem to work fine, but once I turned off requiring LDAP Signing it started working.


  • pls
    replied
    It turns out that using a port number in the LDAP string works for logging into the Connect client (secure port is used). However, when you go to the user screen and click on the Show from AD or Sync from AD buttons, these buttons do not work. We have a case open with Shoretel to resolve.


  • pls
    replied
    I can get multiple strings to work as long as a port number is not used. Documentation says "If no port number is specified, LDAP uses the default port number (636 if using an SSL connection..)"
    If I cannot specify a port, how do I get it so 636 is the default port? Currently it is using 389.
    Thanks


  • Lance
    replied
    I have noticed each version of Connect allows slightly different variations of the LDAP string.

    For example, the recent build Build:21.87.3629.0 doesn't appear to allow LDAP://domain1.anycompany.com:389/dc=anycompany,dc=com but it will allow LDAP://domain1:389/dc=anycompany,dc=com
    or
    LDAP://domain1.anycompany.com/dc=anycompany,dc=com


  • Lance
    replied

    The first 2 strings should be valid.

    This should work: LDAP://domain1.anycompany.com:389/dc=anycompany,dc=com is the same as LDAP://domain1.anycompany.com/dc=anycompany,dc=com

    The ADsPath statement has the following format:
    LDAP://HostName[:PortNumber][/DistinguishedName]

    The “HostName” can be a computer or server name, an IP address, or a domain name. Typically, a server name is specified. For Connect, the Active Directory server is usually specified. The “PortNumber” is the port to be used for the connection to the directory. If no port number is specified, LDAP uses the default port number (636 if using an SSL connection or 389 if not using an SSL connection).

    If you have more than one CN, OU or DC, I would check the string with an LDAP browser.

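The ADsPath format quoted in the post above, worked through as an added example that is not part of the thread and not ShoreTel's code: it parses `LDAP://HostName[:PortNumber][/DistinguishedName]`, applies the documented default port (636 with SSL, 389 without), and rejects strings outside that format. The names `parse_adspath`, `on_ssl_port` and the `use_ssl` argument (standing in for the client's SSL setting) are assumptions, and only the `LDAP://` scheme shown in the quoted format is accepted.

```python
import re
from typing import NamedTuple, Tuple

# Format quoted in the thread: LDAP://HostName[:PortNumber][/DistinguishedName]
_ADSPATH = re.compile(
    r"^LDAP://"
    r"(?P<host>\[[0-9A-Fa-f:.]+\]|[^:/\s\[\]]+)"   # name, IPv4, or [IPv6]
    r"(?::(?P<port>\d{1,5}))?"
    r"(?:/(?P<dn>.*))?$",
    re.IGNORECASE,
)
_RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*\s*=\s*\S.*$")  # attr=value

class AdsPath(NamedTuple):
    host: str
    port: int              # effective port, after applying the default
    explicit_port: bool    # True when the string itself carried :PortNumber
    rdns: Tuple[str, ...]  # DN components, leftmost first

def parse_adspath(path: str, use_ssl: bool = False) -> AdsPath:
    """Parse an ADsPath; use_ssl is the client's SSL setting (assumed input)."""
    m = _ADSPATH.match(path.strip())
    if not m:
        raise ValueError(f"not in LDAP://Host[:Port][/DN] form: {path!r}")
    if m["port"] is not None:
        port = int(m["port"])
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range: {port}")
    else:
        # Documented default: 636 with SSL, 389 without.
        port = 636 if use_ssl else 389
    dn = m["dn"] or ""
    # Split on commas that are not backslash-escaped inside a value.
    rdns = tuple(p.strip() for p in re.split(r"(?<!\\),", dn)) if dn else ()
    for rdn in rdns:
        if not _RDN.match(rdn):
            raise ValueError(f"malformed DN component: {rdn!r}")
    return AdsPath(m["host"], port, m["port"] is not None, rdns)

def on_ssl_port(path: str, use_ssl: bool = False) -> bool:
    """True when the connection would target 636 rather than 389."""
    return parse_adspath(path, use_ssl).port == 636

if __name__ == "__main__":
    # Strings from the thread; the use_ssl values are constructed.
    base = "LDAP://domain1.anycompany.com"
    for s, ssl in [(base + "/dc=anycompany,dc=com", True),
                   (base + ":389/dc=anycompany,dc=com", True)]:
        print(s, "->", parse_adspath(s, ssl))
```

An explicit `:389` in the string wins over the SSL default in this parser, which is the case to look for when auditing a configured string against the requirement that directory traffic use 636.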


  • dnhansen
    replied
    Originally posted by Lance
    If you have your machine joined to the domain and it is authorized to do delegation you should be able to use any valid string you can query.
    ^This is for legacy AD integration. Connect does not use this.

    You'll want to reach out to TAC. Per my notes, only the first LDAP string you posted is valid for ShoreTel. I've been told ShoreTel doesn't support port change for LDAP or LDAPS. I have had success using GC instead of LDAP, if that helps.


  • pls
    replied
    Thanks for the suggestion. We selected Trust this computer for delegation to any service (Kerberos only) but that did not help. Server is joined to the domain. It is a Windows 2016 server.


  • Lance
    replied
    If you have your machine joined to the domain and it is authorized to do delegation you should be able to use any valid string you can query.
