Announcement

Ldap

AD Server name maybe?

Our's is:
LDAP://svrname.benco.com/ou=business units,dc=benco,dc=com

Hope this helps you out.
Once you get it working it only sync's 11 fields.
None of them is an "extension" number.

Thanks but that did not do it. I am mainly interested in SSO and we have to change all extensions anyway so no big deal there.
Thanks

You have to make sure the Active Directory delegation is done too:


Once I did that and specified my DC in the LDAP path

LDAP://DC.contoso.com/ou=Users,dc=contoso,dc=com

it took a few minutes before the two buttons weren't grey anymore.

Thanks that got the unable to verify AD path taken care of. I will give it a while to see if the buttons will work.

Can't get AD buttons to work

Did you get the buttons to work -- Show from AD or Sync from AD?

I followed the delegation steps and then made the changes in Director. I can login to Director with my AD credentials, but when I try a Show from AD, I get an error that says:

No Unique User found for myusername in <LDAP://servername.company.com/ou=Domain Controllers,dc=company,dc=com>

My user is not in the "Domain Controllers" OU, but my domain controller is. I tried moving my user into the Domain Controllers OU as a test and then I get an ASP error on the Director page. I'm running Shoreware 9.1.

I think the OU bit should relate to the path with the users in it that will be signing on. I normally leave it as the root domain in smaller environments.

I have it all working now.
My path is LDAP://whm3.woodhuston.local/OU=WH,DC=woodhuston,DC=local.

I will try to explain this.

whm3.woodhuston.local is my domain controller full computer name. The .local could be .com depending on how your domain is named. Easy way to check in look at the full computer name of of the DC.

OU is the OU where all of my uers are if you don't have one you can use CN for container. So it could be CN=Users if that is where all your users are. I get an error if I leave it out.

For the DC=woodhuston and DC=local this should be the same as the last part of the full computer name the first dc is what is on the left of the . the second one is what is on the right of the. .

After all that is correct it should no longer give you and error when you save the other parameters page.

The last thing to do after all that is working is reboot the ShoreTel server and possibly the DC as well. Mine was not working when I left on Friday and both servers were scheduled to restart over the weekend. When I came in on Monday the buttons were working.

Still Having Issues

Hey guys,

Thanks for the info and tips. That helps me understand the proper setup, but I still can't get it working even though I'm pretty sure I have the LDAP string correct.

A couple of questions? What kind of AD environment are you running? Is it all Windows 2003 servers, Windows 2003/2008, etc? Also, which version of Shoretel are you running?

We are running Shoretel 9.1, Build 14.21.4905.0 in a Windows 2003 domain extended for 2008 servers. We have two domain controllers in the same location as the Shoretel HQ server. One DC is Windows 2003, the other is WIndows 2008. I can set the LDAP string for either DC (as long as its been delegated) without getting the "unable to verify AD path" error.

I've rebooted the DC and the Shoretel server and still I can't get a reponse from the "Show from AD" button under Individual Users. Instead I get an ASP error in the browser that says, "Webpage error details

User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 1.0.3705; MS-RTC LM 8; .NET CLR 1.1.4322; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Timestamp: Wed, 19 Aug 2009 04:07:14 UTC


Message: Object doesn't support this property or method
Line: 3853
Char: 2
Code: 0
URI: http://shoretel.strand.com/shorewaredirector/user.asp?ID=1133&country=1&site=1"

That happens in IE8 (and compatability mode) and IE6.

Any other ideas on this?

Thank you!