LDAP information not showing up in Prognosis.

Highlighted
05 Base Camper

LDAP information not showing up in Prognosis.

LDAP information not showing up in Prognosis.
Using Prognosis 10.5.1.
At the beginning of the installation iR had to hardcode LDAP configuration string to access activedirectory information for users.
The former Lync 2013 Domain is disbanded/removed.

DEFINE LDAP_PROFILE(NRKG2013, ip=, "basedn=DC=userdomain,DC=ADdomain,DC=topleveldomain,DC=no")
DEFINE LDAP_PROFILE(Pool:NRKG2013, ip=, "pooldn=CN=Lc Services,CN=Microsoft,CN=1:10,CN=Pools,CN=RTC Service,CN=Microsoft,CN=System,DC=ADdomain,DC=topleveldomain,DC=no")

We've changed the configuration to our new domain with Skype 2015 (two Skypepools this time)

Som errors we're seeing now is:
31/03/2017 12:45:36 IRLYNC ldapjobp 000000139 T6692 [CXpLdapJob::Execute] [ldapjob]ERROR: Referral: pooldn=CN=Lc Services,CN=Microsoft,CN=1:10,CN=Pools,CN=RTC Service,CN=Microsoft,CN=System,DC=ADdomain,DC=topleveldomain,DC=no: filter=(objectClass=msRTCSIP-Pool)
(when we're trying to refer to the same AD-baseDN as before)

Anyone have an idea how to configure this, and this error means?
Do we have to "hack" lync-ldap-users.xml again?


Vidar
7 REPLIES 7
Highlighted
Community Manager

Re: LDAP information not showing up in Prognosis.

Hi Vidar,

The 2nd Pool line doesn't look right. Based on patterns I have seen, the configs should look more like:

DEFINE LDAP_PROFILE(NRKG2013, ip=, “basedn=DC=userdomain,DC=ADdomain,DC=topleveldomain,DC=no”)
DEFINE LDAP_PROFILE(Pool:NRKG2013, ip=, “CN=System,DC=ADdomain,DC=topleveldomain,DC=no”)

Try just shortening the Pool line as above as first step and if that doesn't work, let me know and I will give you some routines for checking your system to get the correct settings. Let me know how the above goes and if it doesn't work, what the new error is.

Also: Give our irLync.exe process a little restart in task manager after making the change.
Highlighted
Community Manager

Re: LDAP information not showing up in Prognosis.

Hi,

had a case where we installed in a subdomain and then it was only possible to get the users within this domain. In that case you might change the LDAP port to 3268 for triggering the global cataloge while also changing the base DN to the topleveldomain.
Highlighted
Community Manager

Re: LDAP information not showing up in Prognosis.

Hi Stefan,

Could you post an example of that here: Theoretically, what might the above example look like in our Lync Configuration if changed to this?
Is it just adding a port= entry?
I really have not had to set it up that way with any customer's yet but now that you post this I know one will poppup.
Highlighted
Community Manager

Re: LDAP information not showing up in Prognosis.

Adam, please see my separate post on using Global Catalog server for LDAP instead of generic LDAP:

https://online.prognosis.com/forum/skype-for-business/using-global-catalog-for-ldap-connections-in-prognosis-for-skype-for-businesslync/

I cover the use cases and validation techniques there.
Highlighted
Community Manager

Re: LDAP information not showing up in Prognosis.

Hi Duncan,

Whats missing from your writeup are what the LDAP Configuration line/s in prognosis should look like. Having a good working example of this would be great.
From what I have found recently, it's 1 LDAP line (No LDAPSmiley Tongueool line) and they need both the port and the mode=SSL configured).

I have read through your write-up and am still unsure if the basedn here is just the regular basedn from the regular approaches we use to get it, or it could be different. (RootDSE method)

It would be great if you added to your article above with more Prognosis side examples and info. I feel if I am having trouble connecting your info to relate to Prognosis, so will other readers potentially.
Highlighted
Community Manager

Re: LDAP information not showing up in Prognosis.

Adam, I've clarified this a bit further in the linked forum post (https://online.prognosis.com/forum/skype-for-business/using-global-catalog-for-ldap-connections-in-prognosis-for-skype-for-businesslync/ ), but just to close the loop here:

The ONLY requirement that differs between making a standard LDAP query and a Global Catalog Query is the port. Everything else in the Prognosis Lync static configuration can be identical, and switching ports from 389 to 3268 will move the LDAP query to a global catalog search.
Highlighted
Community Manager

Re: LDAP information not showing up in Prognosis.

Hi Vidar

 

That "ERROR: Referral" error means Prognosis can't find the Pool objects under that PoolDN location in the tree. You could determine the correct pooldn in a few ways:

- Powershell command on Lync Servers: Get-CsUser -Identity "administrator"

- LDAP search using that filter (objectClass=msRTCSIP-Pool), subtree search, from top level BaseDN using a 3rd party LDAP client, or a powershell module, or using the command line tool that is in Prognosis like this:

CD \Prognosis\Server\Configuration
..\irldaptool.exe -i 10.10.10.1 -o 3268 -u domain\user -p Password1 -b DC=domain,DC=com -f (objectClass=msRTCSIP-Pool)

 

HTH

 

Webinar: Keep the modern workforce connected

Unified Communications has always been an important part of companies' digital transformation efforts due to its ability to enable rich virtual collaboration and communication. But with COVID-19, we've reached a break-through point.

Join Bill Haskins, Sr. Analyst & Partner, Unified Communications at Wainhouse Research, and John Ruthven, CEO at IR discuss UC challenges companies are experiencing due to the COVOID-19 crisis.

Join webinar