Cisco Cisco TelePresence Video Communication Server Expressway 관리 매뉴얼
Field
Description
Usage tips
SASL
The SASL (Simple Authentication and Security
Layer) mechanism to use when binding to the LDAP
server.
Layer) mechanism to use when binding to the LDAP
server.
None: no mechanism is used.
DIGEST-MD5: the DIGEST-MD5 mechanism is
used.
used.
The default is DIGEST-MD5.
Enable Simple Authentication and
Security Layer if it is company policy to
do so.
Security Layer if it is company policy to
do so.
Bind
username
username
Username of the account that the VCS will use to log
in to the LDAP server (case sensitive).
in to the LDAP server (case sensitive).
Only required if SASL is enabled.
Configure this to be the
sAMAccountName; Security Access
Manager Account Name (in AD this is the
account’s user logon name).
sAMAccountName; Security Access
Manager Account Name (in AD this is the
account’s user logon name).
Directory configuration
: this section specifies the base distinguished names to use when searching for account
and group names.
Base DN for
accounts
accounts
The ou= and dc= definition of the Distinguished
Name where a search for user accounts should start
in the database structure (case insensitive).
Name where a search for user accounts should start
in the database structure (case insensitive).
It is important to specify the DN in the order ou=,
then dc=
then dc=
This is for authentication of both
administrator login and user login
requests.
administrator login and user login
requests.
The Base DN for accounts and groups
must be at or below the dc level (include
all dc= values and ou= values if
necessary). LDAP authentication does
not look into sub dc accounts, only lower
ou= and cn= levels.
must be at or below the dc level (include
all dc= values and ou= values if
necessary). LDAP authentication does
not look into sub dc accounts, only lower
ou= and cn= levels.
Base DN for
groups
groups
The ou= and dc= definition of the Distinguished
Name where a search for groups should start in the
database structure (case insensitive).
Name where a search for groups should start in the
database structure (case insensitive).
It is important to specify the DN in the order ou=,
then dc=
then dc=
This is for authorization of an
authenticated user to log in as an
administrator or to log in to a user
account.
authenticated user to log in as an
administrator or to log in to a user
account.
If no Base DN for groups is specified,
then the Base DN for accounts will be
used for both groups and accounts.
then the Base DN for accounts will be
used for both groups and accounts.
Checking the LDAP server connection status
The status of the connection to LDAP server is displayed at the bottom of the page.
State = Active
No error messages are displayed.
State = Failed
The following error messages may be displayed:
Error message
Reason / resolution
DNS unable to do reverse lookup
Reverse DNS lookup is required for SASL authentication.
DNS unable to resolve LDAP server
address
address
Check that a valid DNS server is configured, and check the spelling of
the LDAP server address.
the LDAP server address.
Cisco TelePresence Video Communication Server Administrator Guide (X8.5.2)
Page 305 of 567
User accounts
Configuring remote account authentication using LDAP