TANDBERG D14049.01 User Manual

D 14049.01
07.2007
TANDBERG 
VIDEO COMMUNICATION SERVER 
ADMINISTRATOR GUIDE
LDAP Configuration
Adding H.350 Objects 
Create the Organizational Hierarchy 
Open up the Active Directory Users and Computers MMC snap-in.
Under your BaseDN right-click and select New Organizational Unit.
Create an Organizational unit called h350.
It is good practice to keep the H.350 directory in its own organizational unit to separate out H.350 objects from other types of objects. This allows access controls to be set up which only allow the VCS read access to the BaseDN and therefore limit access to other sections of the directory.
Add the H.350 Objects 
Create an ldif file with the following contents:
# MeetingRoom1 endpoint 
dn: commUniqueId=comm1,ou=h350,DC=X
objectClass: commObject 
objectClass: h323Identity 
objectClass: h235Identity 
commUniqueId: comm1 
h323Identityh323-ID: MeetingRoom1 
h323IdentitydialedDigits: 626262 
h235IdentityEndpointID: meetingroom1 
h235IdentityPassword: mypassword 
Add the ldif file to the server using the command:
ldifde -i -c DC=X <ldap_base> -f filename.ldf
where:
<ldap_base> is the base DN of your Active Directory Server.
The example above will add a single H.323 endpoint with an H.323 Id alias of MeetingRoom1 and an E.164 alias of 626262.
The entry also has H.235 credentials of id meetingroom1 and password mypassword which are used during authentication.
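An added example, not part of the TANDBERG guide: a Python check to run over an ldif file before importing it with ldifde. It confirms that every entry sits under the h350 organizational unit, that an H.235 id and password appear together, and that no alias is reused; the function names and the second sample entry are constructed for illustration.

```python
import base64

# Constructed sample: entry 1 is the page's example, entry 2 is deliberately faulty.
SAMPLE = """\
# MeetingRoom1 endpoint
dn: commUniqueId=comm1,ou=h350,DC=X
objectClass: commObject
objectClass: h323Identity
objectClass: h235Identity
commUniqueId: comm1
h323Identityh323-ID: MeetingRoom1
h323IdentitydialedDigits: 626262
h235IdentityEndpointID: meetingroom1
h235IdentityPassword: mypassword

dn: commUniqueId=comm2,ou=Users,DC=X
h323IdentitydialedDigits: 626262
h235IdentityEndpointID: lobby
"""

def parse_ldif(text):
    """Split LDIF into entries: dicts of lowercased attribute -> list of values."""
    entries = []
    for block in text.replace("\n ", "").split("\n\n"):  # unfold, one block per entry
        entry = {}
        for line in block.splitlines():
            if not line.startswith("#") and ":" in line:
                attr, _, value = line.partition(":")
                if value.startswith(":"):                 # "attr:: <base64>" form
                    value = base64.b64decode(value[1:]).decode("utf-8")
                entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return [e for e in entries if e]

def lint(entries, ou="ou=h350"):
    """Return (dn, problem) pairs. The comma split assumes no escaped commas in DNs."""
    problems, seen = [], {}
    for e in entries:
        dn = e.get("dn", ["<no dn>"])[0]
        if ou not in [rdn.strip().lower() for rdn in dn.split(",")[1:]]:
            problems.append((dn, "not under " + ou))
        if ("h235identityendpointid" in e) != ("h235identitypassword" in e):
            problems.append((dn, "incomplete H.235 credentials"))
        for attr in ("h323identityh323-id", "h323identitydialeddigits"):
            for alias in e.get(attr, []):
                if seen.setdefault((attr, alias.lower()), dn) != dn:
                    problems.append((dn, "alias %s already used by %s" % (alias, seen[(attr, alias.lower())])))
    return problems
```

Calling lint(parse_ldif(SAMPLE)) reports three problems, all against the constructed comm2 entry; the page's MeetingRoom1 entry passes.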
Prerequisites 
These step-by-step instructions assume that Active Directory 
has already been installed. For details on installing Active 
Directory please consult your Windows documentation. 
The following instructions are for Windows Server 2003 
Enterprise Edition. If you are not using this version of Windows, 
your instructions may vary. 
Securing with TLS 
To enable Active Directory to use TLS, you must request and install a certificate on the Active Directory server. The certificate must meet the following requirements:
Be located in the Local Computer’s Personal certificate store. This can be seen using the Certificates MMC snap-in.
Have the details of its associated private key stored locally. When viewing the certificate you should see a message saying “You have a private key that corresponds to this certificate”.
Have a private key that does not have strong private key protection enabled. This is an attribute that can be added to a key request.
Have an Enhanced Key Usage extension that includes the Server Authentication object identifier. This also forms part of the key request.
Be issued by a CA that both the domain controller and the client trust.
Include the Active Directory fully qualified domain name of the domain controller in the common name in the subject field and/or the DNS entry in the subject alternative name extension.
To configure the VCS to use TLS on the connection to the LDAP server you must upload the CA’s certificate as a trusted CA certificate. This can be done on the VCS by navigating to:
Maintenance > Security.



Microsoft Active Directory 
Installing the H.350 Schemas
Once you have 
, install them as 
follows:
Open a command prompt and for each file execute the following command:
ldifde -i -c DC=X <ldap_base> -f filename.ldf
where:
<ldap_base> is the base DN for your Active Directory server.