Securing LDAP on Meetingplace Express

Hello,
I'm looking to harden the security of a MeetingPlace Express (V2.0.1.15).
SSL has been implemented successfully resulting in https browsing only.
The next step is to integrate with AD for user authentication over a secure link. The Bind requests currently are simple (i.e. clear text userid and password) which is not secure.
Can anyone advise on how this can be configured to use SSL/TLS for the LDAP queries? This is a standalone MPX in that I do not have a Cisco Call Manager to secure the queries.
Thanks.

You will need to install the AD Plugin for CallManager before this.
Complete these steps in order to integrate MeetingPlace Express with Active Directory (AD):
- Log in to Cisco Unified MeetingPlace Express.
- Choose Administration at the top of the page.
- On the left side of the page:
  - Choose System Configuration.
  - Choose Usage Configuration.
- Configure these fields:
  - Cisco CallManager version - Set this field to Cisco Unified CallManager Release 4.x.
  - LDAP URL - Set this field:
    - Make sure that this URL starts with ldap, not http. For example, ldap://server-ip-address:port/
    - Make sure that there are no spaces after the URL.
  - Directory username - Use the format of an LDAP distinguished name, for example:
  - Password - Use the password that was specified during the Cisco Unified CallManager installation.
  - Cisco base
  - User base
  - Directory type
- Click Save.
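
The concern raised in the question, that a simple Bind carries the user ID and password in clear text, can be checked on captured traffic. The following is an added example, not part of the original thread and not Cisco code: a small Python decoder for the LDAPv3 BindRequest (RFC 4511) that reports the bind method and whether a password is readable on the link. The DN, password, sample messages and function names are constructed for illustration.

```python
# Added example: decode an LDAPv3 BindRequest (RFC 4511) and report what it exposes.

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length


def inspect_bind(pdu):
    """Describe a BindRequest; return None for any other LDAP operation."""
    tag, msg, _ = read_tlv(pdu, 0)
    if tag != 0x30:  # LDAPMessage is a SEQUENCE
        raise ValueError("not an LDAPMessage")
    _, _message_id, pos = read_tlv(msg, 0)
    op_tag, op, _ = read_tlv(msg, pos)
    if op_tag != 0x60:  # [APPLICATION 0] = BindRequest
        return None
    _, version, pos = read_tlv(op, 0)
    _, dn, pos = read_tlv(op, pos)
    auth_tag, auth, _ = read_tlv(op, pos)
    if auth_tag == 0x80:  # [0] simple: the value is the password itself
        method, secret_len = "simple", len(auth)
    elif auth_tag == 0xA3:  # [3] sasl: SEQUENCE { mechanism, credentials }
        _, mech, _ = read_tlv(auth, 0)
        method, secret_len = "sasl:" + mech.decode("ascii", "replace"), 0
    else:
        raise ValueError("unknown authentication choice 0x%02x" % auth_tag)
    return {"version": int.from_bytes(version, "big"),
            "dn": dn.decode("utf-8", "replace"),
            "method": method,
            "secret_len": secret_len}  # length only: never log the password


def assess(pdu, transport_encrypted):
    """One-line finding for a bind seen on a link that is or is not under TLS."""
    info = inspect_bind(pdu)
    if info is None:
        return "SKIP: not a BindRequest"
    if transport_encrypted:
        return "OK: %s bind for %r is inside TLS" % (info["method"], info["dn"])
    if info["method"] == "simple" and info["secret_len"]:
        return "EXPOSED: simple bind for %r sends a %d-byte password in clear text" % (
            info["dn"], info["secret_len"])
    if info["method"].startswith("sasl:"):
        return "CHECK: %s without TLS; protection depends on the mechanism" % info["method"]
    return "OK: simple bind with empty password, no password on the wire"


def tlv(tag, value):
    """Encode a short BER element; used only to build the constructed samples."""
    assert len(value) < 128
    return bytes([tag, len(value)]) + value


# Constructed sample PDUs (not captured traffic); DN and password are made up.
SAMPLE_DN = b"cn=mpx-svc,ou=Service,dc=example,dc=com"
SIMPLE_BIND = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x60,
    tlv(0x02, b"\x03") + tlv(0x04, SAMPLE_DN) + tlv(0x80, b"Constructed-Pw1")))
SASL_BIND = tlv(0x30, tlv(0x02, b"\x02") + tlv(0x60,
    tlv(0x02, b"\x03") + tlv(0x04, b"")
    + tlv(0xA3, tlv(0x04, b"GSSAPI") + tlv(0x04, b"\x00" * 8))))
UNBIND = tlv(0x30, tlv(0x02, b"\x03") + tlv(0x42, b""))

if __name__ == "__main__":
    print(assess(SIMPLE_BIND, transport_encrypted=False))  # as with ldap:// on port 389
    print(assess(SIMPLE_BIND, transport_encrypted=True))   # as with ldaps:// or StartTLS
    print(assess(SASL_BIND, transport_encrypted=False))
```

The same simple bind is reported as exposed on a plain ldap:// connection and as protected once the connection is wrapped in TLS, which is the change the question asks for.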

Similar Messages

  • LDAP Integration issue- MeetingPlace Express 2.1.1.2

    Hello ,
    I have successfully installed Cisco Unified MeetingPlace Express 2.1.1.2.
    I am able to make audio/web conferences, but I am unable to integrate with LDAP.
    While I am testing the LDAP configuration I am getting the error below:
    " Error while testing AXL configuration. Cisco Unified Communications Manager
    is not available "
    Attached are the LDAP configuration and the error.
    It would be great if anyone can help me on this.
    Thanks ,
    Sam

    Thanks Java,
    I followed the same document for LDAP configuration.
    Previously it was working for a while.
    In the RTMT logs I am able to see MPX contacting CUCM.
    Attached are the RTMT AXL/MPX logs.
    Thanks ,
    Sam

  • MeetingPlace Express and LDAP Directory

    Hello Folks,
    I have got 2 questions:
    1) Is there a built-in synch AD between CallManager and MeetingPlace Express? I would like to be able to add new people added in the CallManager to MPE directory automatically. Would it be possible?
    2) Can we add extra attendees on the fly if we go over
    Thanks,

    Bahman,
    You can set up an import file to bulk add profiles. Check the Importing Data into Meetingplace Express section.
    http://www.cisco.com/en/US/products/ps6533/products_administration_guide_chapter09186a00805edd00.html
    Best practices recommend that you setup floater and overbook ports using the formula specified in this link.
    http://www.cisco.com/en/US/products/ps6533/products_administration_guide_chapter09186a0080579c3a.html#wp1054721
    You can also read more about Floater and overbook ports here
    http://www.cisco.com/en/US/products/ps6533/products_administration_guide_chapter09186a0080579c3a.html#wp1054072
    HTH
    Sankar
    PS: please remember to rate posts!

  • MeetingPlace Express can support Active Directory?

    We are running MeetingPlace Express v1.1.2.1001. I was wondering if it is possible to use MS Active Directory integration? The purpose would be to enable us to select "from directory" under invitees when scheduling a meeting and it would pull the users/e-mail addresses from MS Active Directory.
    I noticed under System Configuration, Usage Configuration, in the LDAP section you can select Directory Type Active Directory. However I cannot find any documentation on integrating MS A/D.
    If not, any word on the best way to get this integrated in a MS A/D environment?
    ryan

    Active Directory is supported for authentication, but I don't believe it is for profile related information though I may be incorrect.
    Once you set the Active Directory parameters via the Usage Configuration screen, you must set the "isLocalUser" parameter to "No" during the import of user profiles. You cannot set this parameter from the User Profiles page, only via an import of user profile information.
    Once you've set the isLocalUser parameter to No, MPE will look to AD for user authentication.

  • How to change system time on Cisco MeetingPlace Express Server

    How to change system time on Cisco MeetingPlace Express Server
    Model MCS-7825-I4

    Hi Vijay,
    As per the install guide for MPX 1.x as well as 2.x "Caution! Be sure you enter the correct date and time. You must reinstall the Cisco Unified MeetingPlace Express operating system and application if you need to change the date or time of your server in the future."
    http://docwiki.cisco.com/wiki/Cisco_Unified_MeetingPlace_Express,_Release_2.x_--_Configuring_the_Cisco_Unified_MeetingPlace_Express_Server#Configuring_the_Cisco_Unified_MeetingPlace_Express_Server
    http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/meetingplace_express/1_2/english/installation/guide/iug/mpxinst3.html
    HTH
    Manish

  • Disk space problem on MeetingPlace Express

    I get the email below daily. I'm thinking it's ok to cat /dev/null the cma.log file?
    I also think I might be able to do the same thing to stdout.old?
    Anything else I should try other than the instructions?
    * Directory listing
    [mpxadmin@meeting ConfSchd]$ ls -la
    total 3036516
    drwxrwxr-x    2 mpxadmin mpx          4096 Aug  2 13:27 .
    drwxrwxr-x   17 root     mpx          4096 Nov  4  2009 ..
    -rw-rw-r--    1 mpxadmin mpx             0 Nov  4  2009 ActConf.lk
    -rw-rw-r--    1 mpxadmin mpx             0 Nov  4  2009 Attach.lk
    -rw-rw-r--    1 mpxadmin mpx             4 Dec 22  2012 confId
    -rw-rw-rw-    1 mpxadmin mpx           391 Apr  5  2010 pegstats
    -rw-rw-r--    1 mpxadmin mpx        255639 Aug  2 14:25 stderr
    -rw-rw-r--    1 mpxadmin mpx       1152127 Dec 22  2012 stderr.old
    -rw-rw-r--    1 mpxadmin mpx      516106727 Aug  2 16:50 stdout
    -rw-rw-r--    1 mpxadmin mpx      2588797008 Dec 22  2012 stdout.old
    -rw-rw-r--    1 mpxadmin mpx             0 Nov  4  2009 TCMap.lk
    [mpxadmin@meeting ConfSchd]$
    * EMAIL
    This is an automated message from the MeetingPlace Express system with
    hostname [meeting.afgrp.com] to inform you that disk space is low.
    Details on where the problem is and how to resolve it are indicated below.
    Low space in partition /. Percent used = [90].
    The following files might cause trouble. However, inspect each one to make sure.
    Look specifically for large files with old timestamps. Also, note that some of
    the files indicated might have been previously mentioned. In this case, use the
    prior instructions to handle these files rather than the instructions below.
    If you are uncertain, contact Cisco TAC for confirmation/advice.
    For the files below, use the following procedure to empty these files rather than
       delete them outright.
             1. For each file to be emptied do:
                 cat /dev/null > <filename>
             2. After all files that you wish to empty have been emptied, do:
                 su   // Enter 'root' password.
                 mpx_sys restart
    -rw-rw-r--   1 mpxadmin mpx     283120801 Apr 11 02:00 /var/mp/ConfSchd/stdout
    -rw-r-----   1 root     root     127007041 Dec 22 05:30 /var/spool/compaq/cma.log
    In general, to free up disk space where it is uncertain exactly what files are in question,
       do the following:
    1. In general, go to places like /root, /mpxadmin, /tmp and do "ls -la" to look
         for large files. If a file is large, old, and seems like some kind of log or
         error file, it could be a candidate for deletion.
    2. Generally files of type log (*.log), stderr, stdout, or txt (*.txt) are the
         best candidates to look for. A good command to look for these types of
         files with size of 10,000,000 bytes or larger is:
           find / -name "<file type>" -exec ls -la {} \; | awk '{if($5 >= 10000000) {print} }'
         For example, to look for all log files 10,000,000 bytes or larger on
           the entire system:
             find / -name "*.log" -exec ls -la {} \; | awk '{if($5 >= 10000000) {print} }'
    3. If you have a specific problem partition that you are trying to reduce size
         for, do the following:
         1. Find out the directory name of the top of the partition from "df".
         2. "cd" to that location.
         3. Then do: du -x -b --max-depth=1
         4. Look for the directories that are really large.
         5. Then "cd" into the worst subdirectory (or subdirectories).
         6. Get a list of all large files from current directory location and lower:
               (This example assumes 10,000,000 bytes and a check for .log files.
                   Note the starting location of '.' (current location) rather
                   than '/' (entire disk) ).
               find . -name "*.log" -exec ls -la {} \; | awk '{if($5 >= 10000000) {print} }'
    Complete output of the 'df' command:
    Filesystem           1K-blocks     Used Available Use% Mounted on
    /dev/sda1             6048320   5111204   629876 90% /
    /dev/sda6             4032092   767336   3059932 21% /common
    /dev/sda2             8064304   6492268   1162380 85% /db
    /dev/sda9               256667     8416   234999   4% /grub
    /dev/sda7           122154520   110696 115838720   1% /mpx-record
    /dev/sda5             5036284   3577128   1203324 75% /opt
    /dev/sda3             6048352   109032   5632080   2% /partB
    none                   1026932     22624   1004308   3% /dev/shm

    Hi Josh,
    It seems that the root partition of the MeetingPlace Express server is almost full. I have attached a document for your reference which can be used to minimize the disk space issues.
    Once the steps mentioned in the attached document are completed, run the command "df" to check the disk space.
    If you do not see much improvement in the root partition, then in that case some other files might need to be removed from the server to increase the root partition space.
    If any of the partitions reach up to 90% or above, then the server might behave unexpectedly.
    Feel free to revert if you face any issues or have any queries.
    Regards,
    Rishabh

  • MeetingPlace Express 2.1.1.2 Dial Out was not Successful

    I'm configuring a MeetingPlace Express v.2.1.1.2 and I can't make the MPX do the call to the guests of a meeting.
    I make the configuration test in: Services > Logs > Verify Configuration > Call configuration verification and show the following error:
    ==============================================================
    ==============================================================
    Call-Config Report
    Summary   
    WARNING:The H.323 ID should match the host name   
    Valid E.164 Address has been configured   
    H.323 gateway has been configured   
    Error: Dial Out was not Successful   
    Call-Config Report Details
    H.323 Details   
    H.323 enabled : YES   
    E.164 address : 196   
    H.323 ID : mpxadmin   
    H.323 gateway 1 : 010.145.002.030   
    SIP enabled : YES   
    DialOut Session Summary  
    VUI Configuration: 250 Sessions, 250 Confs   
    *** VUI INTERNAL STATUS UTILITY ***
    DebugMenu:   
    1) Quick Status of all Ports 4) Make Test Call   
    2) Verbose Status of Port Range 5) Show All Confs   
    3) Display complete Port Information 0) Quit   
    Enter the Command (0 -- 100) []: You entered 4.   
    Enter destination for your call: The Telephone Number is 196. Len is 3   
    Do you want specific ports? (t -- F): You entered f.   
    Placing Call .....Call was unsuccessful: Ring No Answer.   
    DebugMenu:   
    1) Quick Status of all Ports 4) Make Test Call   
    2) Verbose Status of Port Range 5) Show All Confs   
    3) Display complete Port Information 0) Quit   
    Enter the Command (0 -- 100) []: You entered 0.
    ==============================================================
    ==============================================================
    Which parameter could I check?
    Here I place information on the configuration of my network:
    CUCM v.7.0 --> 10.145.2.10
    Voice Gateway --> 10.145.2.30
    In CUCM > Device > Gateway --> Gateway: 10.145.2.20 | Description: Cisco MeetingPlace Express | Type: H.323 Gateway | IP: 10.145.2.20
    I look forward to your valuable help!
    Thanks a lot!
    ErnestoG

    Hi Ernesto,
    As the problem you are facing is a dial out issue on MPE, go
    through the checklist mentioned below in order to confirm the configuration
    is intact.
    Here is the checklist :
    1.    Ensure that H323 GW is defined on CCM/CUCM.
    Device > Gateway > find.
    Look for a device name that equals either MPE's hostname, FQDN, or IP
    Address.
    2.    Ensure that h323 Gateways are configured on MPE.
    MPE Administration Center > System Configuration > Call Configuration > H323
    Configuration
    Ensure that h323 is enabled.
    Ensure that you have entered your CCM's IPs in h323 Gateway 1, 2
    3.    Ensure that CCM's interface with MPE is up.
    Ensure that MPE's IP Address is listed under the "IP Address" column.
    Ensure that this IP Address is that of the FIRST NIC on MPE, not the second.
    4.    Verify that MPE has the CSS required to call the destination.
    FIRST, FIND MPE's CSS:
    When MPE places a call, the CSS in question is Device > Gateway > MPE-GW >
    Inbound
    THEN the relevant config is under Device > "Call Routing Information -
    Inbound Calls" > Calling Search Space
    SECOND, FIND DESTINATION PATTERN's PARTITION:
    If the destination is an IP Phone within the CCM/CUCM Cluster, then the
    relevant config is under Device > Phone > click on Directory Number in CCM.
    If the destination is a PSTN endpoint/phone, then the relevant config is
    under Device > Route Pattern.
    5.    Ensure that your user profile is set to allow outdials.
    MPE Administration Center > User Configuration > User Profile Management >
    Your User Profile > Can call out of meetings should be set to "Yes".
    6.    When you place a call from the CLI, the system applies permissions
    from the "Guest" User profile since mpxadmin or root are not Users within
    the MPX application. To allow this to work, you need to verify two
    settings:
    MPE Administration Center > User Configuration > User Profile Management >
    Guest > Can call out of meetings should be set to "Yes".
    Ensure that the Guest profile is not in a "locked" state.
    MPE Administration Center > System Configuration > Usage Configuration >
    Allow Guest outdials should be set to "Yes".
    Hope this helps!
    Thanks,
    Karthik

  • CUCM 6 with MeetingPlace Express

    Hello,
    I have CUCM 6.1 integrated with MeetingPlace Express VT and everything is set up. However, when I test with trying to conference more than 2 users the video ends on everybody's desktop. When it is just 2 users the video shows up fine as soon as I conference in the next person it kicks the video off. Any help would be appreciated
    Thanks!

    Sorry, forgot to mention that I have configured everything in CUCM and Meetingplace and created the Video conference bridge and added it to the MRGL. It shows the bridge as registered in both CUCM & MPE
    Thanks!

  • Connect to secure LDAP server from iWS 4.1

    I am trying to connect to a secure LDAP server that is expecting client authentication. I installed a client cert (provided by the LDAP admin) on the iWS admin server, and I can search/view user records housed on the LDAP server.
    However, when I try to use an iWS webserver to restrict access to a resource using the LDAP, it appears that I have to install the client cert on that webserver as well. The problem is, that if the webserver is not a secure webserver, there appears to be no way to do this. That is, I cannot use a non-secure webserver (not running https) to access the secure LDAP server.
    When I install the client cert on the non-secure webserver, I have to create a Trust Database, providing a password. I can then install the client cert that I need to access the LDAP server, but when I go to restart the non-secure webserver, it complains that it can't read the cert database ("NSS initialization failed: -8177"), and attempts to authenticate users fail.
    If the webserver is running https, a secure webserver, that is, everything works fine: I can install the client cert, and use the LDAP to authenticate users.
    Is there any way to configure a non-secure iWS webserver so that it can read its Trust Database? Or some way to store client certs that does not require a Trust Database?

    I don't believe so. As far as I know, this capability was first introduced in iPlanet Web Server 6.0.

  • MeetingPlace Express Assistance

    Hi All,
    We have MeetingPlace Express version 2.1.1.2.
    We need to configure it to accept any user to make a non-scheduled conference directly, without requesting the user to enter his profile ID and profile password, and without the need to add the data of the users into the MeetingPlace.
    We just need it to act as an audio conference bridge, so we need the user to dial the MeetingPlace number, then he can enter a certain password (one password for all our staff) to enable our employees to log into the MeetingPlace, and then get the Meeting ID and Meeting password and start the meeting.

    Sherif,
    You are going to want to export using all of the headers and leaving them intact in the import file.  You will want to follow the steps below for a successful import as the system is really sensitive that the data is formatted a certain way.
    Create a test user profile in MPE manually so that you can get the file format of the import file with the headers.
    Export User Profiles.
    Export this test user profile to a file and include the header information.
    This will create a User_Profiles.txt file that you will save and then open up in Excel. (Follow these steps below to ensure that the file is formatted correctly)
    1.  Within Excel, click on the Open tool on the toolbar. Excel displays the Open dialog box. (To display this dialog box in Excel 2007/2010, click the Office button and then click on Open.)
    2. Using the Files of Type drop-down list at the bottom of the dialog box, indicate that you want to open Text Files (*.prn; *.txt; *.csv).
    3. Select the saved export file.
    4. Click on Open. Excel starts the Text Import Wizard, displaying the Step 1 of 3 dialog box.
    5. Make sure the Delimited choice is selected, then click on Next. Excel displays the Step 2 of 3 dialog box.
    6. Select Comma as a delimiter, then click on Next. Excel displays the Step 3 of 3 dialog box.
    7. Click on Finish. Your file is imported.
    8. Once the file is opened up in Excel, import your users into this spreadsheet so that they conform to the necessary format and the required headers. Next, find the "isLocalUser" field and set the parameter value for all user profiles from 'No' to 'Yes'. Then find the EncryptedProfilePWD and EncryptedUserPWD fields. Remove the 'Encrypted' portion of the field name in the header so that they now read ProfilePWD and UserPWD. Make sure the value for the ProfilePWD for these user profiles is a standard alpha password (cisco). Then make sure the value for the UserPWD for these user profiles is a standard numeric password (12345). You may just be able to leave them as they are from your import.
    9. Save the file with the changes.
    10. Go to the Application MPE Web Page and then Maintenance-->Import Data-->Import User Profiles.
    11. Select 'Add Profiles To System', select file to import, and set Overwrite field to 'Yes'. (You should also set the log information to file option.)
    12. Hit 'Execute' to import the user profiles to the system.
    13. Once this is completed successfully, then go check the User Profile configuration to ensure that all users are imported correctly into MPE.
    If you run into any problems with this procedure, please open an SR with TAC so that we can assist further.
    Thank You,
    Gerry

  • MeetingPlace Express strange problem !

    Environment:
    MeetingPlace Express 1.1.1.11
    CallManager 4.1(3)sr2
    Voice Gateway 1: 2821 (c2800nm-advipservicesk9-mz.124-4.T.bin) + VIC2-4FXO
    Voice Gateway 2: 2621XM (c2600-advipservicesk9-mz.123-14.T5.bin) + NM-2V + 2* VIC-2FXO
    VG1 connect to CallManager using H.323, VG2 connect to CallManager using MGCP
    MeetingPlace Express connect to CallManager using H.323.
    Problem:
    When dialing in from PSTN to VG1 and VG2, both work well; but when using the "Find-Me" feature, where MeetingPlace Express dials out to the user, users via VG2 can send DTMF to MeetingPlace Express, but users via VG1 cannot send any DTMF digit to MeetingPlace Express. So users via VG1 cannot enter the meeting.

    For more information the following url would be useful,
    http://www.cisco.com/en/US/products/ps6533/products_installation_guide_book09186a008057b547.html

  • MeetingPlace Express User ID Change

    I am running MeetingPlace Express 2.1.1.2 and it is AD/CCM Integrated. We are in the process of changing our AD User login ID and I may have run into a problem. From Call Manager perspective I just perform a full sync and it is good when a change is made.
    However I cannot modify the user ID in Meeting Place Express. In reading the online help, it says "Deleting a user profile also results in the removal of all meetings scheduled by that user from the end-user web interface; however, any meetings scheduled by that user still exist in the system". Does that not contradict itself?
    When I add the user back with the same profile ID, will it re-associate the scheduled meetings? Also, is there a way to manually modify/sync the user id rather than deleting and re-adding?
    Thanks, in advance.
    Doug

    I still don't understand how and when you are encountering that obstacle, but nevertheless if you cannot surmount it you will have to solicit Apple's help.
    Apple can reset your iPhone if you present them its original, dated sales receipt. I believe you will have to do that in person at an Apple Store or an Apple Authorised Service Provider.

  • MeetingPlace Express callout feature not working

    Hello,
    We have Cisco Unified MeetingPlace Express 2.1.1.2.
    I am able to make audio/web conferences.
    But the call out facility is not working.
    Please let me know what configuration needs to be done to get the call out facility working on CUMP.
    The call out features below are not working:
      1- Call alarm
      2- Operator assistance while dialing 0
      3- Dialing from webconf
      4- Dialing from phone view
    CUCM version 7.1
    I have configured MeetingPlace as h.323 h/w in CUCM
    Thanks ,
    Shaijal

    Hello,
    After restarting the CUMP server my problem got resolved.
    I gave the command below to restart the system from root.
    /sbin/shutdown -r now
    Thanks,
    Shaijal

  • Secured LDAP implementation in Oracle BI

    Hi All,
    Can anyone tell me how can I implement the secured LDAP in Oracle BI as I have enabled SSL certificate box during the LDAP configuration in the Oracle BI Repository. Is this enough to say that we have implemented secured LDAP or there is something more that I need to do.
    Thanks!

    In terms of securing your LDAP credentials you probably want the OBIEE Presentation Layer as well to be running over HTTPS otherwise the user LDAP credentials will be sent over a clear text HTTP session (although it might not be an issue for you as the BI Server and the Presentation Services might be running on the same box).

  • Secure LDAP for GWIA Address book

    I've setup the GWIA 7.0.3 May 2009 code set and configured for Secure LDAP.
    I'm using the same *.b64 and *.key files we use for all our POA and MTAs.
    I cannot get the Novell LDAP address book to connect to 636.
    Is there a document I can use to help me figure this out?
    I can revert to 389 but that port is not open through the firewall.
    Mike

    POP and IMAP both work on secure port
    >>>
    From: jgrubbs
    To: novell.support.groupwise.7x.gwia
    Date: 9/9/2009 6:36 PM
    Subject: Re: Secure LDAP for GWIA Address book
    Does POP3 work on the secure port?
    -- Jeff Grubbs
    Novell Technical Support Engineer II
