Hi George, I've hit a roadblock. When I change a user from a numeric user ID to using one that allows authentication with AD, it breaks voice mail integration with Exchange UM because the the user ID field is sent in the diversion header sent to Exchange. Our Exchange admins tell me that there is no way to may none numeric IDs to mailboxes. Do you think a new field should be added to the Unified messaging screen allowing you to specify the mail box?
Thanks! Kyle On Thu, Jun 16, 2011 at 1:09 PM, George Niculae <[email protected]> wrote: > Hi Kyle, > > yes, you are right, switch user id and alias mapping and you should be > good (though you'll have to reimport users). > > Log in with aliases was rebuilt with > http://track.sipfoundry.org/browse/XX-9577 - unless binding with > aliases now sipxconfig will fetch user name and bind with this one. We > changed this since you could have multiple fields mapped as aliases > and user portal authentication should work with all of them (so using > user name behind the scene guarantees this) > > George > > On Thu, Jun 16, 2011 at 9:49 PM, Kyle Haefner > <[email protected]> wrote: >> Hi George, >> >> What was working that I liked really well was I could have the user_id >> set to a phone extension ie 11012 and the alias set to our >> sAMAccountName ie fweasly. Then the end user could log into the >> portal with their ldap username and credentials. I have a pretty >> large number of users that are set up with numeric userids and I was >> hoping to leverage the alias field to add their AD username for >> authentication. It sounds like they only work around for me going >> forward is to switch the numeric userid and the alias fields, correct? >> >> >> In the second capture I sent you the alias field is used to bind to >> ldap, I take it this was originally unintentional and has since been >> corrected? >> >> Thanks! >> >> Kyle >> >> >> >> >> On Thu, Jun 16, 2011 at 12:35 PM, George Niculae <[email protected]> wrote: >>> Hi Kyle, >>> >>> sipxconfig will never send the alias to LDAP but the user name (that >>> is the numeric userid in your case). How it works: when you >>> authenticate with an alias in user portal sipxconfig will search for >>> the corresponding user and will bind in ldap with the associated user >>> name (which in your case is the numeric userId). Why do you want to >>> drop the numeric id? >>> >>> George >>> >>> On Thu, Jun 16, 2011 at 8:49 PM, Kyle Haefner >>> <[email protected]> wrote: >>>> Hi George, >>>> >>>> I thought this was working yesterday and it is actually not. >>>> >>>> SIPXCONFIG=# select * from ldap_user_property_to_ldap_attr; >>>> ldap_attr_map_id | user_property | ldap_attr >>>> ------------------+---------------+---------------- >>>> 3 | imId | sAMAccountName >>>> 3 | userName | sAMAccountName >>>> >>>> >>>> Attached is a wireshark capture. >>>> SIPXconfig is sending the numeric userID 1111 instead of the alias. >>>> >>>> The Second attachment is from 4.4.0- 2011-04-19EDT11:43:17 >>>> domU-12-31-39-0E-C9-92 with the user set up the same way that works. >>>> >>>> Any ideas in what I need to do to get this to work? >>>> >>>> Thanks! >>>> >>>> Kyle >>>> >>>> >>>> On Tue, Jun 14, 2011 at 1:31 PM, Haefner,Kyle >>>> <[email protected]> wrote: >>>>> George, >>>>> >>>>> Well I feel stupid. I set the alias to sAMAccountName because I want >>>>> the alias to be used for authentication. The working configuration is >>>>> for the userID to be set to sAMAccountName and the alias left blank >>>>> in the LDAP set up. >>>>> >>>>> Thanks for your help! >>>>> >>>>> Kyle >>>>> >>>>> On Tue, Jun 14, 2011 at 12:51 PM, George Niculae <[email protected]> wrote: >>>>>> On Tue, Jun 14, 2011 at 9:22 PM, George Niculae <[email protected]> wrote: >>>>>>> On Tue, Jun 14, 2011 at 9:18 PM, Kyle Haefner >>>>>>> <[email protected]> wrote: >>>>>>>> George, >>>>>>>> >>>>>>>> openUC 4.4.0- 2011-06-07EDT05:00:13 ip-10-72-38-198 >>>>>>>> >>>>>>>> I updated today. What log shows LDAP authentication? >>>>>>>> >>>>>>> >>>>>>> Check sipxconfig.log and see if any error there. Otherwise I suggest >>>>>>> to take a pcap and see if AD rejects authentication >>>>>>> >>>>>>>> >>>>>>>> ldap_attr_map_id | user_property | ldap_attr >>>>>>>> ------------------+----------------------------------+---------------- >>>>>>>> 3 | firstName | givenName >>>>>>>> 3 | lastName | sn >>>>>>>> 3 | userGroupName | ou >>>>>>>> 3 | userName | sAMAccountName >>>>>>>> 3 | createdAddressBookEntry.jobDept | department >>>>>>>> 3 | imId | sAMAccountName >>>>>>>> 3 | createdAddressBookEntry.jobTitle | title >>>>>>>> 3 | emailAddress | mail >>>>>>>> 3 | aliasesString | sAMAccountName >>>>>>>> >>>>>>> >>>>>>> I'll map same attributes and give it a try, >>>>>>> >>>>>> >>>>>> I'm not sure you can import users with this configuration - having >>>>>> sAMAccountName for both user id and aliases will trigger exception on >>>>>> user creation, can you double check your config? >>>>>> >>>>>> George >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> Kyle Haefner, M.S. >>>>> Communication Systems Programmer >>>>> Colorado State University >>>>> Fort Collins, CO >>>>> Phone: 970-491-1012 >>>>> Email: [email protected] >>>>> _______________________________________________ >>>>> sipx-users mailing list >>>>> [email protected] >>>>> List Archive: http://list.sipfoundry.org/archive/sipx-users/ >>>>> >>>> >>>> >>>> >>>> -- >>>> Kyle Haefner, M.S. >>>> Communication Systems Programmer >>>> Colorado State University >>>> Fort Collins, CO >>>> Phone: 970-491-1012 >>>> Email: [email protected] >>>> >>> >> >> >> >> -- >> Kyle Haefner, M.S. >> Communication Systems Programmer >> Colorado State University >> Fort Collins, CO >> Phone: 970-491-1012 >> Email: [email protected] >> > -- Kyle Haefner, M.S. Communication Systems Programmer Colorado State University Fort Collins, CO Phone: 970-491-1012 Email: [email protected] _______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users/
