Cisco TelePresence Administrator's Manual page 381
Video communication server
Hide thumbs
Also See for TelePresence:
- Administrator's manual (498 pages) ,
- Manual (24 pages) ,
- Specifications (7 pages)
Table of Contents
Advertisement
Reference material
It is good practice to keep the H.350 directory in its own organizational unit to separate out H.350 objects
from other types of objects. This allows access controls to be setup which only allow the VCS read access
to the BaseDN and therefore limit access to other sections of the directory.
Note: the SIP URI in the ldif file must be prefixed by sip:
Add the H.350 objects:
1. Create an ldif file with the following contents:
# MeetingRoom1 endpoint
dn: commUniqueId=comm1,ou=h350,dc=mydomain,dc=com
objectClass: commObject
objectClass: h323Identity
objectClass: h235Identity
objectClass: SIPIdentity
commUniqueId: comm1
h323Identityh323-ID: MeetingRoom1
h323IdentitydialedDigits: 626262
h235IdentityEndpointID: meetingroom1
h235IdentityPassword: mypassword
SIPIdentityUserName: meetingroom1
SIPIdentityPassword: mypassword
SIPIdentitySIPURI: sip:MeetingRoom@domain.com
2. Add the ldif file to the server via slapadd using the format:
slapadd -l <ldif_file>
The example above will add a single endpoint with an H.323 ID alias of MeetingRoom1, an E.164 alias of
626262 and a SIP URI of MeetingRoom@domain.com. The entry also has H.235 and SIP credentials of
ID meetingroom1 and password mypassword which are used during authentication.
H.323 registrations will look for the H.323 and H.235 attributes; SIP will look for the SIP attributes. Therefore
if your endpoint is registering with just one protocol you do not need to include elements relating to the other.
For information about what happens when an alias is not in the LDAP database see Source of aliases for
registration in the
Using an H.350 directory service lookup via LDAP [p.120]
Securing with TLS
The connection to the LDAP server can be encrypted by enabling Transport Level Security (TLS) on the
connection. To do this you must create an X.509 certificate for the LDAP server to allow the VCS to verify
the server's identity. After the certificate has been created you will need to install the following three files
associated with the certificate onto the LDAP server:
the certificate for the LDAP server
n
the private key for the LDAP server
n
the certificate of the Certificate Authority (CA) that was used to sign the LDAP server's certificate
n
All three files should be in PEM file format.
The LDAP server must be configured to use the certificate. To do this:
Edit /etc/openldap/slapd.conf and add the following three lines:
n
TLSCACertificateFile <path to CA certificate>
TLSCertificateFile <path to LDAP server certificate>
TLSCertificateKeyFile <path to LDAP private key>
Cisco VCS Administrator Guide (X8.1.1)
LDAP server configuration for device authentication
section.
Page 381 of 507
Advertisement
Table of Contents
Related Manuals for Cisco TelePresence
Related Products for Cisco TelePresence
- Cisco TelePresence Video Communication Server
- Cisco TD 92322GB
- Cisco TS MSE 8710
- Cisco TELEPRESENCE CALL DETAIL RECORDS FILE FORMAT -
- Cisco TELEPRESENCE MCU ACCESSING CONFERENCES -
- Cisco TelePresence System Codec C90: Profile 65"
- Cisco TELEPRESENCE MANAGEMENT SUITE
- Cisco TelePresence VX Clinical Assistant