Genesys CTI User Forum
Genesys CTI User Forum => Genesys CTI Technical Discussion => Topic started by: gcollins on January 15, 2013, 04:44:51 AM
-
Getting the app-user password encrypted and written to the configuration database continues to fail. Can some one provide some clarification to the steps loosely stated in the External Authentication Deployment Guide?
The understanding or lack thereof is as follows:
1. install config server and select LDAP when prompted
2. provide LDAP URL used to connect to Microsoft AD
3. The authentication and gauth_ldap sections are created during the install but do not include the sa-user and password options
<here is where my confusion starts - configserver will read the confserv.cfg on it's first start up and after that only reads the option configured in the config database>
With that stated I am attempting to manually enter the two mentioned gauth_ldap options and then running "confserv -p gauth_ldap <password> to encrypt the password and have it written to the database. The dbserver password is also encrypted.
the encryption option is set to 'true' and the configuration server is started.
a user is configured with en External ID and logs in and the log shows the app-user password is invalid.
I can see that there are several folks that have had success. Any guidance to where the interpretation of the documentation is off balance is greatly appreciated.
-
Set verbosity of LDAP communication to high-level (I think lvl 3) on confserv object and then look for cause of whole issue,if it is on LDAP(Windows AD) site or in confserv LDAP section configuration. Important configuration on Genesys solution is correctly settings of LDAP connection string. You can set it during the installation,in post-install step -> manually on confserv object in CME, or on each object (person likely) to its annex.
-
Thank you for the reply but the LDAP URL was working but the app-user password was changed requiring the re-encryption of its password. This is the root of the problem, that is the exact sequence of steps to encrypt and write the LDAP app-user password to the configuration database.
Are there step that can corrupt the encrypted password?
-
I do not know,we have configured an user and his password in LDAP connection string and all works fine.
-
Could you by chance post or email the connection string or the format.
The authentication used here is for the app-user to first get authenticated and then the Genesys Administrator users External ID is pass to something like ?sub??(&(sAMAccountname=X)(objectCategory=*))
including the sa-user and password was something I did not know as an option.
-
Options(for example):
app-user -> cn=[i]username[/i],OU=[i]Org.unit[/i],DC=[i]DNSDomain[/i]
ldap-url -> ldap://[i]ldapserverhost:port[/i]/OU=[i]Org.Unit[/i],DC=[i]DNSDomain[/i]??sub?(cn=X)
password -> xxxx