Cisco TelePresence Video Communication Server Expressway
Introduction
VCS Deployment Guide: Authenticating VCS accounts using LDAP (VCS X7.2)
Increasingly, users have to supply authentication credentials (usernames and passwords) in order to
log in to devices and systems. Rather than having to remember separate usernames and passwords
for each device, it is easier and preferable for users to have a single set of sign-in credentials
that are managed centrally by an LDAP accessible server.
The device being accessed, rather than looking up the username and password in its own internal
database, contacts the LDAP accessible server to both authenticate the user and also to check
whether that authenticated user belongs to a group that the device authorizes to perform the
functionality requested.
Using a central login credential database also allows the company to define policies for passwords,
such as the replacement interval, level of complexity and so on, and be sure that they apply to
passwords for all systems.
This document describes how to configure the Cisco TelePresence Video Communication Server
(Cisco VCS) to authenticate login accounts over LDAP.
LDAP authentication and authorization are used for web login to the Cisco VCS’s administrator and user
(FindMe) accounts.
Currently, Windows Active Directory is the only LDAP accessible server supported by the VCS.
Note that:
- Other logins, including serial, Telnet and SSH continue to use the admin account configured on
  the VCS.
- User account web login only applies if device provisioning is in TMS Agent legacy mode, or you
  are using FindMe without TMS.
Usage
As an operator you will need to:
- have users, together with passwords, configured in the LDAP accessible server
- configure groups in the LDAP accessible server which define capabilities of the users
- associate users with groups in the LDAP accessible server
- configure VCS for LDAP operation
A user logging in to the VCS for administrator access or to configure FindMe (depending on how the
VCS has been configured) will be authenticated using the LDAP server credentials.
Both the username and password are case sensitive.