Cisco TelePresence Video Communication Server Expressway Administration Manual
Configuring remote account authentication using LDAP

The LDAP configuration page (Users > LDAP configuration) is used to configure an LDAP connection to a remote directory service for administrator account authentication. It can also provide user account authentication if you are using FindMe without Cisco TMS.

The configurable options are:

Field / Description / Usage tips

Remote account authentication: this section allows you to enable or disable the use of LDAP for remote account authentication.

Field: Administrator authentication source
Description: Defines where administrator login credentials are authenticated.
  Local only: credentials are verified against a local database stored on the system.
  Remote only: credentials are verified against an external credentials directory.
  Both: credentials are verified first against a local database stored on the system, and then if no matching account is found the external credentials directory is used instead.
  The default is Local only.
Usage tips: Both allows you to continue to use locally-defined accounts. This is useful while troubleshooting any connection or authorization issues with the LDAP server.
  You cannot log in using a locally-configured administrator account, including the default admin account, if Remote only authentication is in use.
  Note: do not use Remote only if VCS is managed by Cisco TMS.

Field: FindMe authentication source
Description: Defines where FindMe account credentials are authenticated:
  Remote: credentials are verified against an external credentials directory (the VCS currently supports only Windows Active Directory).
  Local: credentials are verified against a local database stored on the VCS.
  The default is Local.
Usage tips: This option applies only if you are using FindMe without Cisco TMS.

LDAP server configuration: this section specifies the connection details to the LDAP server.

Field: FQDN address resolution
Description: Defines how the LDAP server address is resolved.
  SRV record: DNS SRV record lookup.
  Address record: DNS A or AAAA record lookup.
  IP address: entered directly as an IP address.
  The default is Address record.
  Note: if you use SRV records, ensure that the records use the standard ports for LDAP. _ldap._tcp.<domain> must use 389 and _ldaps._tcp.<domain> must use 636. The VCS does not support other port numbers for LDAP.
Usage tips: The SRV lookup is for either _ldap._tcp or _ldaps._tcp records, depending on whether Encryption is enabled. If multiple servers are returned, the priority and weight of each SRV record determines the order in which the servers are used.
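
The SRV requirements described above can be checked before switching FQDN address resolution to SRV record. The following is an added example, not part of the Cisco guide: it audits a set of SRV records for the service name selected by the Encryption setting, flags ports other than 389/636, and lists the remaining targets in preference order. The domain example.com, the host names and the record values are constructed placeholders.

```python
# Added example: audit SRV records for the VCS LDAP lookup (constructed data).
STANDARD_PORTS = {"_ldap._tcp": 389, "_ldaps._tcp": 636}

# Constructed zone-file style records for the placeholder domain example.com.
SAMPLE_ZONE = """\
_ldap._tcp.example.com.  3600 IN SRV 10 60 389  dc1.example.com.
_ldap._tcp.example.com.  3600 IN SRV 10 40 389  dc2.example.com.
_ldap._tcp.example.com.  3600 IN SRV 20 0  3268 gc1.example.com.
_ldaps._tcp.example.com. 3600 IN SRV 10 50 636  dc1.example.com.
_ldaps._tcp.example.com. 3600 IN SRV 5  50 3269 gc1.example.com.
"""

def parse_srv(zone_text):
    """Parse 'owner ttl IN SRV priority weight port target' lines into dicts."""
    records = []
    for line in zone_text.splitlines():
        fields = line.split()
        if len(fields) != 8 or fields[2:4] != ["IN", "SRV"]:
            continue  # skip blanks, comments and non-SRV records
        owner = fields[0].lower()
        service = ".".join(owner.split(".")[:2])  # e.g. "_ldaps._tcp"
        records.append({"owner": owner, "service": service,
                        "priority": int(fields[4]), "weight": int(fields[5]),
                        "port": int(fields[6]), "target": fields[7].rstrip(".")})
    return records

def audit(records, domain, encryption):
    """Return (compliant targets in preference order, records on a non-standard port)."""
    service = "_ldaps._tcp" if encryption else "_ldap._tcp"
    owner = f"{service}.{domain.lower().rstrip('.')}."
    matching = [r for r in records if r["owner"] == owner]
    bad = [r for r in matching if r["port"] != STANDARD_PORTS[service]]
    good = [r for r in matching if r["port"] == STANDARD_PORTS[service]]
    # Lower priority value is tried first; within one priority RFC 2782 picks
    # weighted-randomly, so higher weight first is the most likely order only.
    good.sort(key=lambda r: (r["priority"], -r["weight"]))
    return [r["target"] for r in good], bad

if __name__ == "__main__":
    for enc in (False, True):
        order, bad = audit(parse_srv(SAMPLE_ZONE), "example.com", enc)
        print("encryption on" if enc else "encryption off", order,
              [(r["target"], r["port"]) for r in bad])
```

In the constructed data, the most-preferred _ldaps._tcp record (priority 5) points at port 3269, so it is flagged even though it would sort first.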
Cisco TelePresence Video Communication Server Administrator Guide (X8.5.2)