Cisco Cisco TelePresence Video Communication Server Expressway 관리 매뉴얼
Device authentication
Cisco VCS Administrator Guide (X7.1)
Page 104 of 479
Device authentication using LDAP
The
Device LDAP configuration
page (
VCS configuration > Authentication > Devices > LDAP
configuration
) is used to configure a connection to the LDAP database used during device authentication.
Authentication process
If the VCS is using an LDAP server for authentication, the process is as follows:
1. The endpoint presents its username and authentication credentials (these are generated using its
password) to the VCS, and the aliases with which it wants to register.
2. The VCS looks up the username in the LDAP database and obtains the authentication and alias
information for that entry.
3. If the authentication credentials match those supplied by the endpoint, the registration will continue.
The VCS then determines which aliases the endpoint is allowed to attempt to register with, based on the
Alias origin setting. For H.323 endpoints, you can use this setting to override the aliases presented by the
endpoint with those in the H.350 directory, or you can use them in addition to the endpoint’s aliases. For SIP
endpoints, you can use this setting to reject a registration if the endpoint’s AOR does not match that in the
LDAP database.
Alias origin setting. For H.323 endpoints, you can use this setting to override the aliases presented by the
endpoint with those in the H.350 directory, or you can use them in addition to the endpoint’s aliases. For SIP
endpoints, you can use this setting to reject a registration if the endpoint’s AOR does not match that in the
LDAP database.
Configuring the LDAP server directory
The directory on the LDAP server should be configured to implement the
to store
credentials for devices with which the VCS communicates. The directory should also be configured with the
aliases of endpoints that will register with the VCS. See
aliases of endpoints that will register with the VCS. See
for
instructions on configuring LDAP servers.
LDAP server settings
The configurable options are:
Field
Description
Usage tips
LDAP
server
server
The IP address or FQDN (or server address, if a DNS
Domain name has also been configured) of the LDAP
server.
Domain name has also been configured) of the LDAP
server.
Port
The IP port of the LDAP server. Typically, non-secure
connections use 389 and secure connections use 636.
The default is 389.
connections use 389 and secure connections use 636.
The default is 389.
Encryption Determines whether the connection to the LDAP server
is encrypted using Transport Layer Security (TLS).
n
TLS: TLS encryption is used for the connection to the
LDAP server.
LDAP server.
n
Off: no encryption is used.
The default is Off.
If you are connecting to an LDAP
database using TLS encryption, you
need to upload the trusted CA certificate
for the LDAP server. Click
database using TLS encryption, you
need to upload the trusted CA certificate
for the LDAP server. Click
Upload a CA
certificate file for TLS
to go to the
page.