• ×
    Information
    Windows update impacting certain printer icons and names. Microsoft is working on a solution.
    Click here to learn more
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
  • ×
    Information
    Windows update impacting certain printer icons and names. Microsoft is working on a solution.
    Click here to learn more
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
Guidelines
The HP Community is where owners of HP products, like you, volunteer to help each other find solutions.
Locked

‎01-25-2012 06:36 PM

HP Recommended

Hi, I'm able to configure corporate directory on my vvx 500 using TCP 389 port.  But I would like to use LDAP over SSL which uses port 636.  I made the change on the following attributes on the features.cfg file, and couldn't get it to work:

dir.corp.address -> ldaps://server_fdqn

dir.corp.port -> 636

 

I've verifed that SSL is enabled and working on my Windows LDAP server.  Any sugguestions?  Thanks.

 

 

Shawn

6 REPLIES 6

‎01-26-2012 02:34 AM

HP Recommended

Hello Shawn,

 

please be reminded that the Polycom Community is not a replacement for the normal Polycom Support Process.

 

The VVX500 is a brand new device and your Polycom Reseller should be the first person to be contacted.

 

Have you checked the troubleshooting tips in this Document => here <= and checked the Logs?

 

You mention Port 636 which uses TLS so have you changed the dir.corp.transport to utilize TLS rather than the standard TCP?

 

Please provide some feedback to this and your other post's that have been answered by myself so that other users utilizing the search will be able to find you solution.

 

Best Regards

 

Steffen Baier

 

Polycom Global Services

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN
Was this reply helpful? Yes No

‎02-03-2012 12:20 PM

HP Recommended

I set dir.corp.transport to TLS, and I'm getting "Please try again" message on the phone.

Was this reply helpful? Yes No

‎11-06-2015 01:44 AM

HP Recommended

Is there a solution, since I got the same problem here. 

(I do see a connection problem in the log:

 

1106091909|ldap |0|00|ldapData&colon;:newFilter:baseRequest=ldaps://beropbx/ou=people,dc=example,dc=com?sn,givenName,telephoneNumber,o?sub
1106091909|ldap |1|00|ldapCfg::getSSLv2v3Enabled:LDAP:SSLv2v3 Enabled = 0
1106091909|ldap |1|00|ldapCfg::getCaFile:LDAP:CA filepath = /ffs0/ca1.crt
1106091909|ldap |1|00|ldapCfg::getDeviceCertFile:LDAP:Dev cert filepath = /ffs0/defdev.crt
1106091909|ldap |1|00|ldapCfg::getDeviceKeyFile:LDAP:key filepath = /tmp/defkey.crt
1106091909|ldap |1|00|ldapCfg::getCipherList:LDAP:Cipher suite = RSA:!EXP:!LOW:!NULL:!MD5:@STRENGTH
1106091910|ldap |4|00|ldapData&colon;:ldapConnBind:ldap_x_bind_s - rc=0xffffffff <Can't contact LDAP server>
1106091910|ldap |1|00|ldapCfg::show:<LDAP configuration:> status=<1>
1106091910|ldap |1|00| <server version=-1> <sort:ctrl=0x1-cfg=0x0> <vlv=No> <vrCrt=Yes>
1106091910|ldap |1|00| <host=ldaps://beropbx> <pfix=ldaps://> <port=636> <trans=tls> <bindOnInit=Yes>
1106091910|ldap |1|00| <baseDN=ou=people,dc=example,dc=com> <filterPrefix=(objectClass=inetOrgPerson)> <sortOrder=sn givenName telephoneNumber> <invSortOrder=NULL>
1106091910|ldap |1|00|ldapCfg::getCaFile:LDAP:CA filepath = /ffs0/ca1.crt
1106091910|ldap |1|00|ldapCfg::getCaFile:LDAP:CA filepath = /ffs0/ca1.crt
1106091910|ldap |1|00| <attrib=sn,givenName,telephoneNumber,o><sub></ffs0/ca1.crt>
1106091910|ldap |1|00| <persistView=No> <persistSearch=No>
1106091910|ldap |1|00| <backgroundSyncPeriod=0> <autoQuerySubmitTimeout=2>
1106091910|ldap |1|00| <domain=NULL> <user=uid=ldapuser,ou=daemon,dc=example,dc=com> <pass=***>
1106091910|ldap |1|00|ldapCfg::getSSLv2v3Enabled:LDAP:SSLv2v3 Enabled = 0
1106091910|ldap |1|00| <SSLv2v3Enabled=0>
1106091910|ldap |1|00|ldapCfg::showAttr: Attributes:
1106091910|ldap |1|00|ldapCfg::showAttr: [0] <name=sn><label=Nachname><type=last_name><filter=><sticky=No><srch=Yes>
1106091910|ldap |1|00|ldapCfg::showAttr: [1] <name=givenName><label=Vorname><type=first_name><filter=><sticky=No><srch=Yes>
1106091910|ldap |1|00|ldapCfg::showAttr: [2] <name=telephoneNumber><label=Telefon><type=phone_number><filter=><sticky=No><srch=No>
1106091910|ldap |1|00|ldapCfg::showAttr: [3] <name=o><label=Firma><type=other><filter=><sticky=No><srch=Yes>
1106091910|ldap |3|00|cDynamicData&colon;:processError:conn error
1106091910|ldap |3|00|cDynamicData&colon;:forceResync:resync timer started
1106092010|ldap |0|00|ldapData&colon;:newFilter:baseRequest=ldaps://beropbx/ou=people,dc=example,dc=com?sn,givenName,telephoneNumber,o?sub
1106092010|ldap |1|00|ldapCfg::getSSLv2v3Enabled:LDAP:SSLv2v3 Enabled = 0
1106092010|ldap |1|00|ldapCfg::getCaFile:LDAP:CA filepath = /ffs0/ca1.crt

 

) The connection does work with ldap via TCP to port 389. And I can connect to the server from another Linux machine via TLS. The self signed CA.cert is on the phone and is also used for provisioning.

 

The OpenLDAP server runs on debian-Linux with the following TLS statements configured:

olcTLSCACertificateFile: /etc/ldap/ca.crt

olcTLSCertificateFile: /etc/ldap/server.crt

olcTLSCertificateKeyFile: /etc/ldap/server.key

olcTLSVerifyClient: never

 

 

Was this reply helpful? Yes No

‎11-06-2015 05:26 AM

HP Recommended

Hello VoIP-HH,

welcome to the Polycom Community and thanks for resurrecting this older post.

 

As you can notice the original poster has not followed this up so I am unsure if they ever logged a ticket with our support team.


In addition it is always useful to include the currently used SIP or UC Software version as issues experienced may already be addressed in a newer release.

Please also include if you are using a SIP server or a LYNC server

This also allows yourself and others to check against current software release notes.

The above is also stated in the "Read First: Welcome to the Polycom VoIP Forum"

Therefore the Polycom VoIP FAQ contains this post here:

Question: How can I find out my SIP UC Software Version or the BootROM Version of my Phone?
Resolution: Please check here

In regards of your issue what is the content of your dir.corp.address="" ?

 

Looking at the log:

 

1106091909|ldap |0|00|ldapData&colon;:newFilter:baseRequest=ldaps://beropbx/ou=people,dc=example,dc=com?sn,givenName,telephoneNumber,o?sub


I would expect this to look like something like this:

 

1106091909|ldap |0|00|ldapData&colon;:newFilter:baseRequest=ldaps://beropbx.something/ou=people,dc=example,dc=com?sn,givenName,telephoneNumber,o?sub


Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN
Was this reply helpful? Yes No

‎11-06-2015 05:58 AM

HP Recommended

Hello Steffen,

 

I am using a SIP server. The UC-firmware is the most recent one 5.4.0.5841 and  updater 5.6.0.8213 (both on a VVX 400). I some other models here as well, so I could easyly check the config on (almost all) current phone models.

 

The "beropbx" is corret. It is the cn name of the certificate. The dns also works, since the configuration does work with ldap://beropbx on port 389 with transport TCP. It just does not work with ldaps://beropbx on port 636 with transport TLS. 

 

(I am running openldap-2.4.40 on debian which is Linux version 3.2.0-4-amd64 (debian-kernel@lists.debian.org) (gcc version 4.6.3 (Debian 4.6.3-14) ) #1 SMP Debian 3.2.68-1+deb7u3)

 

I appreaciate your help.

Regards

Was this reply helpful? Yes No

‎11-06-2015 06:57 AM

HP Recommended

Hello VoIP-HH,

The next step is to contact your Polycom reseller so they can open a Support ticket with our team for you.

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN
Was this reply helpful? Yes No
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.

Didn't find what you were looking for? Ask the community

† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the <a href="https://www8.hp.com/us/en/terms-of-use.html" class="udrlinesmall">Terms of Use</a> and <a href="/t5/custom/page/page-id/hp.rulespage" class="udrlinesmall"> Rules of Participation</a>.