Cisco Cisco TelePresence Video Communication Server Expressway
2. Configure the fields as follows:
H.350 device authentication
Select On.
The H.350 directory can be used in combination with other authentication mechanisms.
Source of aliases for registration
Determines how aliases are checked and registered.
See H.350 directory authentication and registration process above for a description of each setting.
When Source of aliases for registration is H.350 directory, MCUs are treated as a special case. They register with the presented aliases and ignore any aliases in the H.350 directory. (This is to allow MCUs to additively register aliases for conferences.)
Server address
The IP address or FQDN (or server address, if a DNS Domain name has also been configured) of the LDAP server.
The LDAP server must have the H.350 schemas installed.
If using TLS, the address entered here must match the CN (common name) contained within the certificate presented by the LDAP server.
FQDN address resolution
Defines how the LDAP Server address is resolved if it is specified as an FQDN.
Address record: DNS A or AAAA record lookup.
SRV record: DNS SRV record lookup.
Note: if you use SRV records, ensure that the records use the standard ports for LDAP. _ldap._tcp.<domain> must use 389 and _ldaps._tcp.<domain> must use 636. The VCS does not support other port numbers for LDAP.
DNS SRV lookups enable the VCS to authenticate devices against multiple remote H.350 directory servers. This provides a seamless redundancy mechanism in the event of reachability problems to an H.350 directory server.
The SRV lookup is for either _ldap._tcp or _ldaps._tcp records, depending on whether Encryption is enabled. If multiple servers are returned, the priority and weight of each SRV record determine the order in which the servers are used.
Port
The IP port of the LDAP server.
Non-secure connections use 389 and secure connections use 636.
Encryption
Determines whether the connection to the LDAP server is encrypted using Transport Layer Security (TLS).
TLS: uses TLS encryption for the connection to the LDAP server.
Off: no encryption is used.
When TLS is enabled, the LDAP server’s certificate must be signed by an authority within the VCS’s trusted CA certificates file.
Click Upload a CA certificate file for TLS (in the Related tasks section) to go to the Trusted CA certificate page.
Bind DN
The user distinguished name used by the VCS when binding to the LDAP server.
For example, uid=admin, ou=system
Bind password
The password used by the VCS when binding to the LDAP server.
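A pre-deployment check for the SRV behaviour described under FQDN address resolution, added here as an example and not taken from the Cisco guide: it flags SRV records whose port the VCS does not support and shows the order in which the servers would be tried. The record values and example.com names are constructed, and the weighted selection within one priority follows RFC 2782, which is an assumption about how the VCS applies weight.

```python
import random
from collections import defaultdict

# Ports the guide says the VCS requires for each SRV service name.
REQUIRED_PORT = {"_ldap._tcp": 389, "_ldaps._tcp": 636}

def service_for(encryption):
    """Map the Encryption setting ("TLS" or "Off") to the SRV service queried."""
    return "_ldaps._tcp" if encryption == "TLS" else "_ldap._tcp"

def check_ports(service, records):
    """Return the targets whose SRV port is not the one the VCS supports."""
    want = REQUIRED_PORT[service]
    return [r["target"] for r in records if r["port"] != want]

def order_servers(records, rng=None):
    """Ascending priority first; weighted-random within a priority (RFC 2782, assumed)."""
    rng = rng or random.Random()
    by_priority = defaultdict(list)
    for r in records:
        by_priority[r["priority"]].append(r)
    ordered = []
    for prio in sorted(by_priority):
        pool = list(by_priority[prio])
        while pool:
            total = sum(r["weight"] for r in pool)
            pick = rng.uniform(0, total)
            running = 0
            for i, r in enumerate(pool):
                running += r["weight"]
                if pick <= running:
                    break
            ordered.append(pool.pop(i)["target"])
    return ordered

# Constructed sample answer for _ldaps._tcp.example.com (not real data).
SAMPLE = [
    {"target": "h350-b.example.com", "priority": 20, "weight": 0, "port": 636},
    {"target": "h350-a1.example.com", "priority": 10, "weight": 60, "port": 636},
    {"target": "h350-a2.example.com", "priority": 10, "weight": 40, "port": 636},
    {"target": "h350-old.example.com", "priority": 30, "weight": 0, "port": 10636},
]

if __name__ == "__main__":
    svc = service_for("TLS")
    print("service:", svc)
    print("non-standard ports:", check_ports(svc, SAMPLE))
    print("order:", order_servers(SAMPLE, random.Random(0)))
```

Any target returned by check_ports would be unusable by the VCS according to the note above, so it should be corrected in DNS before SRV record resolution is selected.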
Cisco VCS Authenticating Devices Deployment Guide