Cisco TelePresence Video Communication Server Expressway
Configuring VCS authentication methods
VCS Deployment Guide: Authenticating Devices (VCS X7.0)
Using an H.350 directory service lookup via LDAP
An H.350 directory service lookup can be used for authenticating any endpoint, SIP and H.323.
Configuring the VCS to use an H.350 directory service lookup
Install the H.350 schemas on the LDAP server:
1. Download the required H.350 schemas from the VCS and install them on the LDAP server.
See the VCS Administrator Guide or VCS online help for instructions about how to download the
schemas and for how to configure a Microsoft Active Directory LDAP server or an OpenLDAP
server.
To use the H.350 directory service lookup:
1. Go to VCS configuration > Authentication > Devices > Configuration.
2. Select LDAP database as the Database type.
3. Click Save.
To configure access to the LDAP server for H.350 directory service lookup:
1. Go to VCS configuration > Authentication > Devices > LDAP configuration.
2. Configure the fields as follows:
LDAP server
<LDAP server IP address or domain>
(The LDAP server must have the H.350 schemas installed.)
Port
Typically 389 for non-secure connections and 636 for secure connections.
Encryption
Off or TLS
Note that if encryption is set to TLS, a valid CA certificate, private key and server
certificate must be uploaded to the VCS via the Security certificates page
(Maintenance > Certificate management > Security certificates).
The default value is Off.
User DN
Distinguished name of username used when binding to the H.350 LDAP server (for
example, uid=admin, ou=system)
Password
Password to use when binding to the H.350 LDAP server.
Base DN
Distinguished name to use when connecting to the H.350 LDAP server
(for example, ou=H350,dc=example,dc=com).
Alias origin
This determines how aliases are checked and registered. The options are:
LDAP: the aliases presented by the endpoint are checked against those listed in the
LDAP database.
Endpoint: only the aliases presented by the endpoint are used.
Combined: the aliases presented by the endpoint are used in addition to any listed
in the LDAP database.
The default value is LDAP.
3. Click Save.
Connection is successful when the Status reports State Active.
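The LDAP configuration fields above can be reviewed before saving with a small audit like the following. This is an added example, not part of the Cisco guide or any VCS tooling; the function name, the dictionary layout and the severity labels are assumptions, and the sample values are constructed from the guide's own examples.

```python
# Added example: audit of the LDAP configuration fields described in this guide.
# Field names mirror the VCS page; the dict layout and function are hypothetical.

TYPICAL_PORT = {"Off": 389, "TLS": 636}   # "typically", per the guide
ALIAS_ORIGINS = {"LDAP", "Endpoint", "Combined"}


def audit_ldap_config(cfg):
    """Return a list of (severity, message) findings for one configuration."""
    findings = []
    # Unset fields fall back to the guide's defaults: Encryption Off, Alias origin LDAP.
    enc = cfg.get("Encryption", "Off")
    origin = cfg.get("Alias origin", "LDAP")
    port = cfg.get("Port")

    for field in ("LDAP server", "User DN", "Password", "Base DN"):
        if not cfg.get(field):
            findings.append(("error", f"{field} is not set"))

    if enc not in TYPICAL_PORT:
        findings.append(("error", f"Encryption must be Off or TLS, got {enc!r}"))
    else:
        if enc == "Off":
            findings.append(("high", "Encryption is Off: the bind (User DN and "
                             "Password) and all lookups are sent without TLS"))
        if port != TYPICAL_PORT[enc]:
            findings.append(("warn", f"Port {port} is not the typical port "
                             f"({TYPICAL_PORT[enc]}) for Encryption {enc}"))

    if origin not in ALIAS_ORIGINS:
        findings.append(("error", f"unknown Alias origin {origin!r}"))
    elif origin != "LDAP":
        findings.append(("warn", f"Alias origin is {origin}: aliases presented by the "
                         "endpoint are used, not limited to those in the LDAP database"))
    return findings


# Constructed sample configurations (example values from the guide, not real hosts).
DEFAULTS = {"LDAP server": "ldap.example.com", "Port": 389,
            "User DN": "uid=admin, ou=system", "Password": "placeholder",
            "Base DN": "ou=H350,dc=example,dc=com"}
HARDENED = {**DEFAULTS, "Port": 636, "Encryption": "TLS", "Alias origin": "LDAP"}

if __name__ == "__main__":
    for name, cfg in (("defaults", DEFAULTS), ("hardened", HARDENED)):
        print(name, audit_ldap_config(cfg) or "no findings")
```

With the guide's defaults left in place the only finding is the unencrypted bind; switching Encryption to TLS also requires the certificates described under the Encryption field.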