Authentication Using Ldap; Overview; Configuring The Ldap Server Directory; Securing The Ldap Connection With Tls - TANDBERG Video Communication Server Administrator's Manual

Registration control

Overview

If the VCS is using an LDAP server for authentication, the process is as follows:

1. The endpoint presents its username and authentication credentials (these are generated using its password) to the VCS, and the alias(es) with which it wishes to register.
2. The VCS looks up the username in the LDAP database and obtains the authentication and alias information for that entry.
3. If the authentication credentials match those supplied by the endpoint, the registration will continue.

The VCS will then determine which alias(es) the endpoint will be allowed to attempt to register with, based on the alias origin setting. For H.323 endpoints, you can use this setting to override the aliases presented by the endpoint with those in the H.350 directory, or you can use them in addition to the endpoint's aliases. For SIP endpoints, you can use this setting to reject a registration if the endpoint's AOR does not match that in the LDAP database.

Configuring the LDAP server directory

The directory on the LDAP server should be configured to implement the ITU H.350 specification [2] to store credentials for devices with which the VCS communicates. The directory should also be configured with the aliases of endpoints that will register with the VCS.

For instructions on how to configure common LDAP servers, see the Appendix LDAP Configuration.

D14049.05
February 2009

Securing the LDAP connection with TLS

The traffic between the VCS and the LDAP server can be encrypted using Transport Layer Security (TLS).

To use TLS:

- LDAP Encryption must be set to TLS
- the LDAP server must have a valid certificate installed, verifying its identity
- the VCS must trust the certificate installed on the LDAP server.

The link Upload a CA Certificate file for TLS will take you to the Security page, where you can upload a file that contains the trusted CA certificate for the LDAP server. This is required if the connection between the VCS and the LDAP server is encrypted.

For more information on how to configure the VCS to trust the certificate installed on the LDAP server, see the Security section.

TLS can be difficult to configure, so we recommend that you confirm that your LDAP database is working correctly before you attempt to secure the connection with TLS. We also recommend that you use a third party LDAP browser to verify that your LDAP server is correctly configured to use TLS.

TANDBERG VIDEO COMMUNICATIONS SERVER ADMINISTRATOR GUIDE
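
The certificate requirements listed under "Securing the LDAP connection with TLS" can be checked from an administrator workstation before LDAP Encryption is switched to TLS. The script below is an added example, not part of the TANDBERG manual: it assumes the `openssl` command-line tool (1.1.0 or later) and LDAP over TLS on port 636 for the live fetch, and its function, host and file names are invented for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the manual). Pre-flight checks for the LDAP server
# certificate before setting LDAP Encryption to TLS. Host names, port and file
# names are assumptions; the certificates made below are constructed test data.

# fetch_server_cert HOST PORT OUT: save the certificate the server presents.
# Assumes LDAP over TLS on PORT (commonly 636); needs network access.
fetch_server_cert() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -out "$3"
}

# chain_ok CA_FILE CERT: true only if CERT verifies against CA_FILE alone.
# -no-CApath keeps the system trust directory out of the decision, because the
# VCS will trust only the CA file that is uploaded to it.
chain_ok() {
    openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
}

# name_ok CERT HOST: true if CERT is issued for HOST (SAN, else subject CN).
name_ok() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# make_demo_pki DIR: constructed CA, server certificate and an unrelated CA.
make_demo_pki() {
    local d=$1 ca
    for ca in ca other; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo $ca" \
            -keyout "$d/$ca.key" -out "$d/$ca.pem" 2>/dev/null || return 1
    done
    openssl req -newkey rsa:2048 -nodes -subj "/CN=ldap.example.test" \
        -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/srv.pem" 2>/dev/null
}

# preflight CA_FILE CERT HOST: print one verdict per check, non-zero on failure.
preflight() {
    local rc=0
    chain_ok "$1" "$2" && echo "chain: OK" || { echo "chain: FAIL"; rc=1; }
    name_ok "$2" "$3" && echo "name: OK" || { echo "name: FAIL"; rc=1; }
    return $rc
}
```

Against a real server, run `fetch_server_cert` first and pass the saved file, the CA file intended for upload and the host name configured on the VCS to `preflight`; a "chain: FAIL" means the uploaded CA file would not let the VCS trust that server.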
