A common mistake that can happen and makes it "look like" only the publisher can provide LDAP authentication is if you're doing secure LDAP (over SSL) and didn't distribute the root CA/chain for the SSL encryption to all the CUCM nodes. More of an issue with older CUCM but thought I'd mention it. Each CUCM node can perform the LDAP authentication (not the sync). Also make sure any firewalls and such allow the LDAP requests from the subscriber nodes as well as the publisher.


On 2/5/2016 3:49 PM, Justin Steinberg wrote:
This isn't the full answer you're looking for, but I'll still throw it out there...

I know LDAP-enabled agents can log in to Finesse when the UCM publisher is down, as that happened to me last week. The UCM LDAP auth component doesn't rely on the Dirsync service, so the UCM LDAP auth runs on all UCM nodes.

I had a UCS blade failure that took down the UCM pub, but the UCCX pub and all the primary AD servers were still online for the UCM subs to authenticate.

On Fri, Feb 5, 2016 at 4:17 PM, Anthony Holloway <[email protected]> wrote:

    UCCXers,

    I'm trying to avoid spinning up an entire lab to answer a simple
    question that the SRND is glossing over.  "Can Agents log in to
    Finesse on the Island Mode side opposite the CUCM Publisher if
    using LDAP Authentication?"

    What the SRND has to say about failover and Island Mode:

    
    http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cust_contact/contact_center/crs/express_11_0/design/guide/UCCX_BK_U3AF2742_00_unified-ccx-design-guide-11/UCCX_BK_U3AF2742_00_unified-ccx-design-guide-11_appendix_0100.html#UCCX_RF_W5EB2ACC_00

    A little further down in the SRND it talks about Finesse in Island
    Mode, and it states that Agents can work on both sides, but it
    does not state, if that is: A) for only already logged in Agents,
    or B) for CUCM local authentication or LDAP authentication or
    otherwise.

    
    http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cust_contact/contact_center/crs/express_11_0/design/guide/UCCX_BK_U3AF2742_00_unified-ccx-design-guide-11/UCCX_BK_U3AF2742_00_unified-ccx-design-guide-11_appendix_0100.html#UCCX_RF_F3A11E07_00

    This is a very shallow description on what I consider to be a very
    deep topic, so I'm asking here for real world experience.

    Assume that we have two Data Centers: DC-A and DC-B.

    *DC-A Contains:*

      * LDAP Server A
      * CUCM Publisher
      * UCCX Publisher (Currently Engine Master)
      * Agents


    *DC-B Contains*

      * LDAP Server B
      * CUCM Subscriber
      * UCCX Subscriber (Currently Engine Slave)
      * Agents


    *Assumed Config*

      * Call flows are internal, no voice gateways to worry about
      * CUCM LDAP Auth config is pointing at LDAP Server A first and
        LDAP Server B second
      * UCCX Publisher AXL/JTAPI config is pointing at CUCM Pub first
        and CUCM Sub second
      * UCCX Subscriber AXL/JTAPI config is pointing at CUCM Sub first
        and CUCM Pub second
      * UCCX CTI Route Points have Device Pool with CMG pointing at
        CUCM Pub first and CUCM Sub second
      * UCCX Publisher CTI Ports have Device Pool with CMG pointing at
        CUCM Pub first and CUCM Sub second
      * UCCX Subscriber CTI Ports have Device Pool with CMG pointing
        at CUCM Sub first and CUCM Pub second


    *Question*

     1. Can an Agent in DC-B, who was not logged in before Island Mode
        happened, now log in, while in Island mode?  Does CUCM's
        authentication method change the answer?  E.g., LDAP
        integrated user versus local user.

    Thank you.

    _______________________________________________
    cisco-voip mailing list
    [email protected]
    https://puck.nether.net/mailman/listinfo/cisco-voip



