Re: [cisco-voip] Field Notice from Cisco making Secure LDAP mandatory

2020-02-14 Thread Lelio Fulgenzi
Oh yes. I remember that. Actually, what I remember is the fact they stopped 
doing that about 6 months before I wanted to request that. I mean, better 
decision in the long term to move to FQDN, but still.

-Original Message-
From: NateCCIE  
Sent: Friday, February 14, 2020 11:53 AM
To: Lelio Fulgenzi 
Cc: Anthony Holloway ; Brian Meade 
; voyp list, cisco-voip (cisco-voip@puck.nether.net) 

Subject: Re: [cisco-voip] Field Notice from Cisco making Secure LDAP mandatory

Or the good old days when you could list an IP Address as a SAN. 

___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip


Re: [cisco-voip] Field Notice from Cisco making Secure LDAP mandatory

2020-02-14 Thread NateCCIE
Or the good old days when you could list an IP Address as a SAN. 

> On Feb 14, 2020, at 9:48 AM, Lelio Fulgenzi  wrote:
> 


Re: [cisco-voip] Field Notice from Cisco making Secure LDAP mandatory

2020-02-14 Thread Lelio Fulgenzi
Hey Sally,

I agree. Using IP address seems like circumventing the certificate.

From: cisco-voip  On Behalf Of Anthony 
Holloway
Sent: Friday, February 14, 2020 10:17 AM
To: Brian Meade 
Cc: voyp list, cisco-voip (cisco-voip@puck.nether.net) 

Subject: Re: [cisco-voip] Field Notice from Cisco making Secure LDAP mandatory

Well, slap my ass and call me Sally.  I change an existing secure LDAP setup 
from FQDN to IP Address and it still works.

I'd be curious to know why it functions this way.  Seems like an opportunity to 
exploit the Authentication facet of SSL.

"In addition to encryption, a proper SSL certificate also provides 
authentication. This means you can be sure that you are sending information to 
the right server and not to an imposter trying to steal your information."

Source: Why SSL? The Purpose of using SSL 
Certificates<https://www.sslshopper.com/why-ssl-the-purpose-of-using-ssl-certificates.html>


Re: [cisco-voip] Field Notice from Cisco making Secure LDAP mandatory

2020-02-14 Thread Anthony Holloway
Well, slap my ass and call me Sally.  I change an existing secure LDAP
setup from FQDN to IP Address and it still works.

I'd be curious to know why it functions this way.  Seems like an
opportunity to exploit the Authentication facet of SSL.

*"In addition to encryption, a proper SSL certificate also provides
authentication. This means you can be sure that you are sending information
to the right server and not to an imposter trying to steal your
information."*

Source: Why SSL? The Purpose of using SSL Certificates
<https://www.sslshopper.com/why-ssl-the-purpose-of-using-ssl-certificates.html>

On Thu, Feb 13, 2020 at 1:32 PM Anthony Holloway <
avholloway+cisco-v...@gmail.com> wrote:

> That's interesting to know.  How did you learn that?


Re: [cisco-voip] Field Notice from Cisco making Secure LDAP mandatory

2020-02-13 Thread Anthony Holloway
That's interesting to know.  How did you learn that?

On Thu, Feb 13, 2020 at 12:30 PM Brian Meade  wrote:

> CUCM doesn't check the names, just that the chain is trusted.


Re: [cisco-voip] Field Notice from Cisco making Secure LDAP mandatory

2020-02-13 Thread Brian Meade
CUCM doesn't check the names, just that the chain is trusted.

On Sun, Feb 9, 2020 at 5:23 PM Matthew Loraditch <
mloradi...@heliontechnologies.com> wrote:

> Interesting. Our root cert is and has been loaded, but I’m still using
> just the IPs so normally that would make the handshake fail.
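The distinction raised in this thread (a trusted chain versus a certificate whose names match the configured server), as an added example that is not part of any poster's message and not Cisco's code: an audit of which configured LDAP server entries would still be accepted if the client also compared names. The host names, the address and both certificate dicts are constructed samples in the layout Python's ssl.SSLSocket.getpeercert() returns, and the chain is assumed to have validated already.

```python
import ipaddress
import ssl


def chain_only_context() -> ssl.SSLContext:
    """Client settings for 'chain must be trusted, names are not compared'."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False            # skip the SAN comparison
    ctx.verify_mode = ssl.CERT_REQUIRED   # still reject untrusted chains
    return ctx


def name_checking_context() -> ssl.SSLContext:
    """Default client settings: trusted chain AND a SAN matching the server."""
    return ssl.create_default_context()


def _dns_match(pattern: str, host: str) -> bool:
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    # A wildcard is honoured only as the whole left-most label.
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def san_matches(cert: dict, configured_host: str) -> bool:
    """True if the certificate's SAN list covers the configured server entry."""
    try:
        wanted_ip = ipaddress.ip_address(configured_host)
    except ValueError:
        wanted_ip = None  # not an address, treat as a DNS name
    for kind, value in cert.get("subjectAltName", ()):
        if wanted_ip is not None:
            # An address matches only an iPAddress SAN, never a dNSName.
            if kind == "IP Address" and ipaddress.ip_address(value.strip()) == wanted_ip:
                return True
        elif kind == "DNS" and _dns_match(value, configured_host):
            return True
    return False


def audit(cert: dict, configured_hosts: list) -> dict:
    """Map each configured LDAP server entry to 'would pass a name check'."""
    return {host: san_matches(cert, host) for host in configured_hosts}


# Constructed sample: domain controller certificate with DNS SANs only.
DC_CERT = {
    "subject": ((("commonName", "dc01.corp.example"),),),
    "subjectAltName": (("DNS", "dc01.corp.example"), ("DNS", "*.ad.corp.example")),
}
# Constructed sample: the same server with its address listed as a SAN.
DC_CERT_WITH_IP = {
    "subject": ((("commonName", "dc01.corp.example"),),),
    "subjectAltName": (("DNS", "dc01.corp.example"), ("IP Address", "192.0.2.10")),
}
# Constructed sample: entries as they might be typed into a directory config.
CONFIGURED = ["dc01.corp.example", "192.0.2.10", "gc.ad.corp.example", "dc02.corp.example"]

if __name__ == "__main__":
    for host, ok in audit(DC_CERT, CONFIGURED).items():
        print(f"{host:22} chain-only: accepted   with name check: {'accepted' if ok else 'REJECTED'}")
```

Entries reported as rejected are the ones that work today only because names are not compared; they need an FQDN that appears in the server certificate before a name-checking client will connect.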


Re: [cisco-voip] Field Notice from Cisco making Secure LDAP mandatory

2020-02-09 Thread Lelio Fulgenzi
I believe we had to load two certs.

And, after loading certs, restart tomcat.



On Feb 9, 2020, at 5:23 PM, Matthew Loraditch 
mailto:mloradi...@heliontechnologies.com>> 
wrote:

Interesting. Our root cert is and has been loaded, but I’m still using just the 
IPs so normally that would make the handshake fail.



Re: [cisco-voip] Field Notice from Cisco making Secure LDAP mandatory

2020-02-09 Thread Gavin Henry
Do they mean StartTLS op (https://tools.ietf.org/html/rfc4513#section-3) on
normal port 389 or deprecated LDAPS (LDAP over SSL) on port 686 that isn't
in an rfc?


Re: [cisco-voip] Field Notice from Cisco making Secure LDAP mandatory

2020-02-09 Thread Matthew Loraditch
Interesting. Our root cert is and has been loaded, but I’m still using just the 
IPs so normally that would make the handshake fail.

Matthew Loraditch
Sr. Network Engineer
p: 443.541.1518
w: www.heliontechnologies.com | e: mloradi...@heliontechnologies.com

From: Lelio Fulgenzi 
Sent: Sunday, February 9, 2020 5:15:40 PM
To: Matthew Loraditch 
Cc: James Buchanan ; voyp list, cisco-voip 
(cisco-voip@puck.nether.net) 
Subject: Re: [cisco-voip] Field Notice from Cisco making Secure LDAP mandatory



I couldn’t get secure ldap to work without loading the certificates from the AD 
servers. I also had more luck using the global catalog ports.



Re: [cisco-voip] Field Notice from Cisco making Secure LDAP mandatory

2020-02-09 Thread Lelio Fulgenzi

I couldn’t get secure ldap to work without loading the certificates from the AD 
servers. I also had more luck using the global catalog ports.

On Feb 9, 2020, at 5:05 PM, Matthew Loraditch 
mailto:mloradi...@heliontechnologies.com>> 
wrote:

I was wondering if they were going to post anything as it’s very unclear if 
ldap over tls was the fix.

Apparently (and amen) it is. Did it on our office system last week to see if it 
would work without any certificate needs. It just worked and during a save it 
will instantly tell you if it worked or not.

Outside of the most regimented environments you should be able to just make the 
change. If it fails talk to your AD team as they would likely have something 
blocked or disabled.



Re: [cisco-voip] Field Notice from Cisco making Secure LDAP mandatory

2020-02-09 Thread Matthew Loraditch
I was wondering if they were going to post anything as it’s very unclear if 
ldap over tls was the fix.

Apparently (and amen) it is. Did it on our office system last week to see if it 
would work without any certificate needs. It just worked and during a save it 
will instantly tell you if it worked or not.

Outside of the most regimented environments you should be able to just make the 
change. If it fails talk to your AD team as they would likely have something 
blocked or disabled.

Matthew Loraditch
Sr. Network Engineer
p: 443.541.1518
w: www.heliontechnologies.com | e: mloradi...@heliontechnologies.com

From: cisco-voip  on behalf of James 
Buchanan 
Sent: Sunday, February 9, 2020 4:57:40 PM
To: voyp list, cisco-voip (cisco-voip@puck.nether.net) 

Subject: [cisco-voip] Field Notice from Cisco making Secure LDAP mandatory



Hello folks,

I know you all needed some more work. I sure did! So here you are!

https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/trouble/12_5_1/fieldNotice/cucm_b_fn-secure-ldap-mandatory-ad.html

I'm interested in any early thoughts on other integrations--vCenter, ISE, VPN, 
TACACS, etc. I assume it applies across the board.

Thanks,

James



[cisco-voip] Field Notice from Cisco making Secure LDAP mandatory

2020-02-09 Thread James Buchanan
Hello folks,

I know you all needed some more work. I sure did! So here you are!

https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/trouble/12_5_1/fieldNotice/cucm_b_fn-secure-ldap-mandatory-ad.html


I'm interested in any early thoughts on other integrations--vCenter, ISE,
VPN, TACACS, etc. I assume it applies across the board.

Thanks,

James