We currently have the corporate directory enabled on our Poly VVX 501 phones (UC v5.9.5.0614) and we are looking to implement LDAPS with LDAP Certificate CN Validation checking.
I have the dir.corp.address configured as the FQDN of the LDAP server and the dir.corp.port and dir.corp.transport set to port 636 and TLS respectively. The LDAP lookup for the Corporate Directory will work via ldaps as long as the sec.TLS.LDAP.strictCertCommonNameValidation is set to 0. As soon as we enable CN Validation for LDAP, you receive an error message as soon as choosing the Corporate Directory from the phone.
I set the log level for the LDAP service to 0 and was able to see the connection to the LDAP server using ldaps://<IP Address> rather than ldaps://<FQDN> which i believe is the issue here since the CN or SANs on the LDAP server certificate do not contain the IP address of the host.
Has anyone else seen it where the dir.crop.address is configured as the FQDN and is being replaced by the IP address of the server in the logs?
Hello @BDengler ,
Welcome back to the Polycom Community.
Most of your old post(s) => here <= are still open/pending as you have not marked these as "Accept as a solution" or at least provide some form of feedback or answer.
If they are in this state nobody finding them via a community search will know if an answer or advice provided was useful and has maybe helped you.
Could you therefore kindly go over them and mark or answer as appropriate?
If they are marked as "Accept as a solution" other users can find these easier and it helps them to utilise the community more efficiently.
For your new issue, I am not aware of this. We had some similar-sounding issues in the early days of the SoundPoint (VOIP-43676, VOIP-42501) phones but I cannot relate this to the VVX Phones.
The next step would be a support ticket.
In order to raise a support ticket, you need to work with your Poly reseller as they may need to do this for you.
End Customers are usually unable to open a ticket directly with Poly support. Available End User Poly services offerings are detailed here
If this is some sort of an Internet discounter providing your MAC address or your Poly devices serial will enable us to look up who would be able to support you. This may not be who you purchased the Poly device from.
If the unit is no longer within the warranty please be prepared to Pay Per Incident / PPI. This is all outlined in detail here
Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.
Thanks for the feedback. IN the meantime since we were unable to get this resolve we just disabled the feature and only use the Skype for Business Directory.
Hello @BDengler ,
the only way to get this resolved would be via a support ticket as already outlined.