Cisco TelePresence Video Communication Server Expressway
Using an H.350 Directory Service Lookup via LDAP
The Device authentication H.350 configuration page (Configuration > Authentication > Devices > H.350 directory
service) is used to configure a connection via LDAP to an H.350 directory service. An H.350 directory service lookup
can be used for authenticating any endpoint, SIP and H.323.
H.350 Directory Authentication and Registration Process
If the VCS is using an H.350 directory service to authenticate registration requests, the process is as follows:
1. The endpoint presents its username and authentication credentials to the VCS, and the aliases with which it
   wants to register.
2. The VCS then determines which aliases the endpoint is allowed to attempt to register with, based on the
   Source of aliases for registration setting. For H.323 endpoints, you can use this setting to override the
   aliases presented by the endpoint with those in the H.350 directory, or you can use them in addition to the
   endpoint’s aliases. For SIP endpoints, you can use this setting to reject a registration if the endpoint’s AOR
   does not match that in the H.350 directory. The options are:
   - H.350 directory: for SIP registrations the AOR presented by the endpoint is registered providing it is listed in
     the H.350 directory for the endpoint's username.
     For H.323 registrations:
     • At least one of the aliases presented by the endpoint must be listed in the H.350 directory for that
       endpoint's username. If none of the presented aliases are listed it is not allowed to register.
     • The endpoint will register with all of the aliases (up to a maximum of 20) listed in the H.350 directory.
       Aliases presented by the endpoint that are not in the H.350 directory will not be registered.
     • If no aliases are listed in the H.350 directory, the endpoint will register with all the aliases it presented.
     • If no aliases are presented by the endpoint, it will register with all the aliases listed in the H.350 directory
       for its username.
   - Combined: the aliases presented by the endpoint are used in addition to any listed in the H.350 directory for
     the endpoint’s username. In other words, this is the same as for H.350 directory, except that if an endpoint
     presents an alias that is not in the H.350 directory, it will be allowed to register with that alias.
   - Endpoint: the aliases presented by the endpoint are used; any in the H.350 directory are ignored. If no
     aliases are presented by the endpoint, it is not allowed to register.
The default is H.350 directory.
Note that if the authentication policy is Do not check credentials or Treat as authenticated, then the Source of
aliases for registration setting is ignored and the aliases presented by the endpoint are used.
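The H.323 alias rules above can be modelled as a small decision function, which makes it easy to see which settings let an authenticated endpoint register an alias the directory never assigned to it. This is an added example, not Cisco code: the function name, parameters and sample aliases are hypothetical, and it assumes exact string matching, that the first 20 directory entries are the ones kept, and that an endpoint with no aliases on either side is rejected.

```python
MAX_DIRECTORY_ALIASES = 20  # cap the page states for directory-sourced aliases
BYPASS_POLICIES = {"Do not check credentials", "Treat as authenticated"}

def _unique(aliases):
    return list(dict.fromkeys(aliases))  # drop repeats, keep order

def h323_registered_aliases(source, presented, directory, auth_policy=None):
    """Return the aliases an H.323 endpoint registers with, or None if rejected.

    source     -- "H.350 directory", "Combined" or "Endpoint"
    presented  -- aliases sent by the endpoint
    directory  -- aliases the H.350 directory lists for the endpoint's username
    Assumptions: exact string matching; the first 20 directory entries are kept.
    """
    presented, listed = _unique(presented), _unique(directory)
    if auth_policy in BYPASS_POLICIES:
        return presented              # setting ignored, endpoint's aliases used
    if source == "Endpoint":
        return presented or None      # directory ignored; nothing presented -> rejected
    if source not in ("H.350 directory", "Combined"):
        raise ValueError(f"unknown source of aliases: {source!r}")
    if not listed:
        return presented or None      # assumption: nothing on either side -> rejected
    if not presented:
        return listed[:MAX_DIRECTORY_ALIASES]
    extras = [a for a in presented if a not in listed]
    if source == "Combined":
        return listed[:MAX_DIRECTORY_ALIASES] + extras   # unlisted aliases also register
    if len(extras) == len(presented):
        return None                   # no presented alias is in the directory
    return listed[:MAX_DIRECTORY_ALIASES]  # unlisted presented aliases are dropped

if __name__ == "__main__":
    directory = ["room1@example.com", "5001"]   # constructed sample data
    for source in ("H.350 directory", "Combined", "Endpoint"):
        for presented in (["room1@example.com", "ceo@example.com"], ["ceo@example.com"], []):
            print(f"{source:16} {presented!s:45} ->",
                  h323_registered_aliases(source, presented, directory))
```

Only the default H.350 directory setting, combined with an authentication policy that checks credentials, keeps the registered alias set limited to what the directory lists for that username.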
Configuring the LDAP Server Directory
. It should store
credentials for devices with which the VCS communicates, and the aliases of endpoints that will register with the
VCS.
1. Download the required H.350 schemas from the VCS (Configuration > Authentication > Devices > H.350
   directory schemas) and install them on the LDAP server.
2. Configure the directory with the aliases of endpoints that will register with the VCS.
Configuring the LDAP Server Settings
1. Go to Configuration > Authentication > Devices > H.350 directory service.
Cisco VCS Authenticating Devices Deployment Guide