Cisco Cisco TelePresence Video Communication Server Expressway 관리 매뉴얼
Field
Description
Usage tips
Base DN for
groups
groups
The ou= and dc= definition of the Distinguished Name
where a search for groups should start in the
database structure (case insensitive).
where a search for groups should start in the
database structure (case insensitive).
It is important to specify the DN in the order ou=, then
dc=
dc=
This is for authorization of an
authenticated user to log in as an
administrator or to log in to a user
account.
If no Base DN for groups is specified,
then the Base DN for accounts will be
used for both groups and accounts.
authenticated user to log in as an
administrator or to log in to a user
account.
If no Base DN for groups is specified,
then the Base DN for accounts will be
used for both groups and accounts.
Checking the LDAP Server Connection Status
The status of the connection to LDAP server is displayed at the bottom of the page.
State = Active
No error messages are displayed.
State = Failed
The following error messages may be displayed:
Error message
Reason / resolution
DNS unable to do reverse lookup
Reverse DNS lookup is required for SASL authentication.
DNS unable to resolve LDAP server
address
address
Check that a valid DNS server is configured, and check the spelling of the
LDAP server address.
LDAP server address.
Failed to connect to LDAP server.
Check server address and port
Check server address and port
Check that the LDAP server details are correct.
Failed to setup TLS connection.
Check your CA certificate
Check your CA certificate
CA certificate, private key and server certificate are required for TLS.
Failure connecting to server. Returned
code<return code>
code<return code>
Other non-specific problem.
Invalid Base DN for accounts
Check Base DN for accounts; the current value does not describe a valid
part of the LDAP directory.
part of the LDAP directory.
Invalid server name or DNS failure
DNS resolution of the LDAP server name is failing.
Invalid bind credentials
Check Bind DN and Bind password, this error can also be displayed if
SASL is set to DIGEST-MD5 when it should be set to None.
SASL is set to DIGEST-MD5 when it should be set to None.
Invalid bind DN
Check Bind DN; the current value does not describe a valid account in the
LDAP director.
LDAP director.
This failed state may be wrongly reported if the Bind DN is 74 or more
characters in length. To check whether there is a real failure or not, set up
an administrator group on the VCS using a valid group name. If VCS
reports “saved” then there is not a problem (the VCS checks that it can
find the group specified). If it reports that the group cannot be found then
either the Bind DN is wrong, the group is wrong or one of the other
configuration items may be wrong.
characters in length. To check whether there is a real failure or not, set up
an administrator group on the VCS using a valid group name. If VCS
reports “saved” then there is not a problem (the VCS checks that it can
find the group specified). If it reports that the group cannot be found then
either the Bind DN is wrong, the group is wrong or one of the other
configuration items may be wrong.
There is no CA certificate installed
CA certificate, private key and server certificate are required for TLS.
Unable to get configuration
LDAP server information may be missing or incorrect.
272
Cisco TelePresence Video Communication Server Administrator Guide