Cisco Cisco TelePresence Video Communication Server Expressway
Appendix 3 – Active Directory structure
VCS Deployment Guide: Authenticating VCS accounts using LDAP (VCS X7.2)
Page 13 of 20
Note:
Depending on how the database was initially set up, sometimes
cn=
is not reserved just for the
‘leaves’. For example, by default Microsoft AD databases have the Users in a ‘container’ (cn=)
not and organizational unit (ou=).
When configuring the VCS bind DN and Base DN fields in VCS, it is important to use the same
not and organizational unit (ou=).
When configuring the VCS bind DN and Base DN fields in VCS, it is important to use the same
dc
,
ou
,
cn
tags and use them in the same order as specified in the database.
The VCS Bind DN is the directory structure to and including the object that specifies the account
(in AD terminology the Active Directory “user” object). The account name used to login to the VCS
and the account name used for SASL is the sAMAccountName; Security Access Manager
Account Name (in AD the account’s user logon name).
(in AD terminology the Active Directory “user” object). The account name used to login to the VCS
and the account name used for SASL is the sAMAccountName; Security Access Manager
Account Name (in AD the account’s user logon name).
The Base DN for accounts and groups must be at or below the dc level (include all dc= values
and maybe ou= values too). Having a base DN of dc=int is not supported.
and maybe ou= values too). Having a base DN of dc=int is not supported.