Cisco Cisco TelePresence Video Communication Server Expressway
VCS configuration
Configure DNS server
Ensure one or more DNS server addresses are set up on the VCS (System > DNS). DNS is required for:
- Finding the IP address of the LDAP server if the server is defined by name rather than IP address.
- If SASL is enabled, part of the security process is to perform an IP address to name check – a reverse DNS lookup for that LDAP server. If SASL is enabled, the DNS servers must support reverse DNS lookup.
Configure LDAP server details on VCS
1. Go to Users > LDAP configuration.
2. Configure the following fields so that the VCS can connect to the LDAP server to authenticate login accounts and check group membership (you can use the questionnaire in to get the appropriate information from your IT department):
| Field | Description | Usage tips |
|---|---|---|
| Administrator authentication source | Select Both. | Both allows you to continue to use locally-defined accounts. This is useful while troubleshooting any connection or authorization issues with the LDAP server. You cannot log in using a locally-configured administrator account, including the default admin account, if Remote only authentication is in use. Note: do not use Remote only if VCS is managed by Cisco TMS. |
| FindMe authentication source | Select Remote. | This option applies only if you are using FindMe without Cisco TMS. |
| FQDN address resolution | Defines how the LDAP server address is resolved. SRV record: DNS SRV record lookup. Address record: DNS A or AAAA record lookup. IP address: entered directly as an IP address. Note: if you use SRV records, ensure that the records use the standard ports for LDAP. _ldap._tcp.<domain> must use 389 and _ldaps._tcp.<domain> must use 636. The VCS does not support other port numbers for LDAP. | The SRV lookup is for either _ldap._tcp or _ldaps._tcp records, depending on whether Encryption is enabled. If multiple servers are returned, the priority and weight of each SRV record determines the order in which the servers are used. |
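
An added example (not from the Cisco guide): a Python pre-flight check that parses dig-style SRV answer lines and verifies the port rule and server ordering described in the FQDN address resolution row. The example.com records are constructed sample data, and listing equal-priority records by higher weight first is a simplifying assumption.

```python
"""Pre-flight check of LDAP SRV records before pointing the VCS at them."""
from typing import NamedTuple

# Ports the VCS requires for each SRV service label (from the guide).
REQUIRED_PORT = {"_ldap._tcp": 389, "_ldaps._tcp": 636}

class Srv(NamedTuple):
    service: str
    priority: int
    weight: int
    port: int
    target: str

def parse_srv(answer: str) -> list[Srv]:
    """Parse `dig SRV` answer lines: name ttl IN SRV prio weight port target."""
    records = []
    for line in answer.splitlines():
        fields = line.split()
        if len(fields) != 8 or fields[3].upper() != "SRV":
            continue  # skip comments, blank lines and other record types
        name = fields[0].lower()
        service = next((s for s in REQUIRED_PORT if name.startswith(s + ".")), None)
        if service is None:
            continue  # not an LDAP SRV label
        prio, weight, port = (int(f) for f in fields[4:7])
        records.append(Srv(service, prio, weight, port, fields[7].rstrip(".")))
    return records

def check(records: list[Srv], encryption: bool) -> tuple[list[str], list[str]]:
    """Return (targets in preference order, problems) for the service in use."""
    service = "_ldaps._tcp" if encryption else "_ldap._tcp"
    wanted = [r for r in records if r.service == service]
    problems = [f"{r.target}: {service} port {r.port}, VCS needs {REQUIRED_PORT[service]}"
                for r in wanted if r.port != REQUIRED_PORT[service]]
    if not wanted:
        problems.append(f"no {service} records found")
    # Lowest priority value first; equal priorities are weight-randomised in
    # RFC 2782, so higher weight first is only a deterministic approximation.
    ordered = sorted(wanted, key=lambda r: (r.priority, -r.weight))
    return [r.target for r in ordered], problems

# Constructed sample answer (example.com names are placeholders).
SAMPLE = """\
_ldap._tcp.example.com.  3600 IN SRV 10 60 389 dc1.example.com.
_ldap._tcp.example.com.  3600 IN SRV 10 40 389 dc2.example.com.
_ldap._tcp.example.com.  3600 IN SRV 20 0 389 dc3.example.com.
_ldaps._tcp.example.com. 3600 IN SRV 10 50 636 dc1.example.com.
_ldaps._tcp.example.com. 3600 IN SRV 20 50 3269 dc2.example.com.
"""
```

Run it against the real answer for your domain with Encryption set the way the VCS will use it; any reported problem means the VCS cannot use that record.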
Cisco TelePresence Authenticating Cisco VCS Accounts Using LDAP Deployment Guide (X8.5)