Account Authentication Using Ldap; Configuring Ldap Server Settings; Tandberg Video Communication Server; Administrator Guide - TANDBERG D14049.04 Administrator's Manual

Login accounts

Configuring LDAP server settings

The Login account LDAP configuration page is used to configure an LDAP connection to a remote directory service for administrator and/or user account authentication.
To go to the Login account LDAP configuration page:
Maintenance > Login accounts > LDAP configuration.
To configure account LDAP settings using the CLI:
xConfiguration Login Remote LDAP

LDAP server configuration
This section specifies the connection details to the LDAP server.
Server address
The IP address or FQDN (or server address, if a DNS Domain Name has also been configured) of the LDAP server hosting the database.
FQDN address resolution
If the Server address is an FQDN, this controls how it is resolved by the DNS server:
Address record: performs a DNS A or AAAA record lookup.
SRV record: performs a DNS SRV lookup. The advantage of using SRV records is that multiple (primary and backup) servers can be specified.
Port
The IP port to use on the LDAP server, typically 389 for non-TLS, and 636 if TLS encryption is enabled.
D14049.07
March 2010

Account authentication using LDAP

Encryption
Determines whether the connection to the LDAP server is encrypted using Transport Layer Security (TLS).
TLS: uses TLS Encryption for the connection to the LDAP server.
Off: no encryption is used.
The default is Off.
Certificate revocation list (CRL) checking
Specifies whether certificate revocation lists (CRLs) are checked when forming a TLS connection with the LDAP server.
Note that CRL data is uploaded to the VCS via the trusted CA certificate PEM file.
None: no CRL checking is performed.
Peer: only the CRL associated with the CA that issued the LDAP server's certificate is checked.
All: all CRLs in the trusted certificate chain of the CA that issued the LDAP server's certificate are checked.
The default is None.

Authentication configuration
This section specifies the VCS's authentication credentials to use when binding to the LDAP server.
VCS bind DN
The distinguished name used by the VCS when binding to the LDAP server.
VCS bind password
The password used by the VCS when binding to the LDAP server. The maximum plaintext length is 60 characters, which is then encrypted.
SASL
The SASL (Simple Authentication and Security Layer) mechanism to use when binding to the LDAP server.
None: no mechanism is used.
DIGEST-MD5: the DIGEST-MD5 mechanism is used.
The default is DIGEST-MD5.
VCS bind username
The username used by the VCS when binding to the LDAP server with SASL.

Directory configuration
This section specifies the base distinguished names to use when searching for account and group names.
Base DN for accounts
The distinguished name to use as the base when searching for administrator and user accounts.
Base DN for groups
The distinguished name to use as the base when searching for administrator and user groups.

Connection status
The current status of the connection to the specified LDAP server is displayed at the bottom of the page.

To use LDAP for account authentication, you must also go to the Login account authentication configuration page and select a Remote administrator or FindMe authentication source.

TLS encryption and CRL checking

The link Upload a CA Certificate file for TLS takes you to the Security certificates page, where you can upload a file containing the trusted CA certificate for the LDAP server. This is required if the connection between the VCS and the LDAP server is encrypted.
The CA certificate file should also contain any required CRL data.
See the Security certificates section for more information.
See the TANDBERG Deployment Guide - Authenticating VCS accounts using LDAP [30] for more details on configuring an LDAP server, including help on specifying distinguished names for searching the database.
You can also use LDAP for device authentication. For more details, see Device authentication using LDAP.
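
A pre-change check for the settings described above, as an added example (not TANDBERG's code): it flags weak or inconsistent combinations of the Encryption, Port, CRL checking and SASL fields, and checks that the CA PEM file carries CRL data when CRL checking is on. The dict layout, function names and sample values are assumptions constructed for illustration; the remark about simple bind is standard LDAP behaviour rather than a statement from this guide.

```python
import re

# Field names and option values follow the Login account LDAP configuration
# page; the dict layout and function names are assumptions for this example.
WEAK = {  # constructed sample: the documented defaults on the non-TLS port
    "Encryption": "Off", "Port": 389, "CRL checking": "None",
    "SASL": "DIGEST-MD5", "VCS bind password": "example-password",
}
HARDENED = dict(WEAK, **{"Encryption": "TLS", "Port": 636, "CRL checking": "All"})

# Constructed PEM skeletons (bodies are placeholders, not real DER data).
PEM_CA_ONLY = "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n"
PEM_CA_AND_CRL = PEM_CA_ONLY + "-----BEGIN X509 CRL-----\nAAAA\n-----END X509 CRL-----\n"


def pem_block_types(pem_text):
    """Return the set of PEM block labels found in a CA bundle."""
    return set(re.findall(r"-----BEGIN ([A-Z0-9 ]+)-----", pem_text))


def audit(cfg, ca_pem=""):
    """Return a list of findings for one LDAP settings dict and CA bundle."""
    findings = []
    tls = cfg["Encryption"] == "TLS"
    blocks = pem_block_types(ca_pem)
    if not tls:
        findings.append("Encryption is Off: LDAP traffic is not encrypted")
        if cfg["SASL"] == "None":
            findings.append("SASL None without TLS: simple bind sends the password in clear text")
    if (tls and cfg["Port"] == 389) or (not tls and cfg["Port"] == 636):
        findings.append("Port is unusual for this Encryption setting (typically 389 non-TLS, 636 TLS)")
    if tls and "CERTIFICATE" not in blocks:
        findings.append("TLS enabled but CA file has no CERTIFICATE block")
    if tls and cfg["CRL checking"] == "None":
        findings.append("CRL checking is None: revocation of the server certificate is not checked")
    if cfg["CRL checking"] in ("Peer", "All") and "X509 CRL" not in blocks:
        findings.append("CRL checking enabled but CA file has no X509 CRL block")
    if len(cfg["VCS bind password"]) > 60:
        findings.append("VCS bind password exceeds the 60-character maximum")
    return findings


if __name__ == "__main__":
    for name, cfg, pem in (("weak", WEAK, ""), ("hardened", HARDENED, PEM_CA_AND_CRL)):
        print(name, audit(cfg, pem) or "no findings")
```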