Download  Print this page

Openldap; Prerequisites; Installing The H.350 Schemas; Adding H.350 Objects - TANDBERG VCS Administration Manual

Video communication server
Hide thumbs

Advertisement

LDAP Configuration
Text goes here

Prerequisites

These instructions assume that an OpenLDAP server has
already been installed. For details on installing OpenLDAP see
the documentation at http://www.openldap.org.
The following examples use a standard OpenLDAP installation
on the Linux platform. For installations on other platforms the
location of the OpenLDAP configuration files may be different.
See the OpenLDAP installation documentation for details.

Installing the H.350 Schemas

Copy the OpenLDAP files to the OpenLDAP schema directory:
.
/etc/openldap/schemas/commobject.ldif
/etc/openldap/schemas/h323identity.ldif
/etc/openldap/schemas/h235identity.ldif
/etc/openldap/schemas/sipidentity.ldif
/etc/openldap/slapd.conf
.
Edit
schemas. You will need to add the following lines:
include /etc/openldap/schemas/commobject.ldif
include /etc/openldap/schemas/h323identity.
ldif
include /etc/openldap/schemas/h235identity.
ldif
include /etc/openldap/schemas/sipidentity.ldif
The OpenLDAP daemon (slapd) must be restarted for the new
schemas to take effect.
Getting
System
Introduction
Started
Overview
D 14049.01
07.2007

Adding H.350 Objects

Create the Organizational Hierarchy
Create an
.
# This example creates a single
# organizational unit to contain the H.350
# objects
dn: ou=h350,dc=my-domain,dc=com
objectClass: organizationalUnit
ou: h350
.
Add the ldif file to the server using the command:
slapadd -l <ldif _ file>
This organizational unit will form the BaseDN to which the
VCS will issue searches. In this example the BaseDN will be:
ou=h350,dc=my-domain,dc=com.
It is good practice to keep the H.350 directory in its own
organizational unit to separate out H.350 objects from
other types of objects. This allows access controls to be
setup which only allow the VCS read access to the BaseDN and
therefore limit access to other sections of the directory.
to add the new

Securing with TLS

The connection to the LDAP server can be encrypted by enabling
Transport Level Security (TLS) on the connection. To do this you
must create an X.509 certificate for the LDAP server to allow
the VCS to verify the server's identity. Once the certificate has
been created you will need to install the following three files
associated with the certificate onto the LDAP server:
The certificate for the LDAP server.
The private key for the LDAP server.
The certificate of the Certificate Authority (CA) that was used
to sign the LDAP server's certificate.
All three files should be in PEM file format.
The LDAP server must be configured to use the certificate. To do
this:
System
H.323 & SIP
Configuration
Configuration

OpenLDAP

ldif
file with the following contents:
Registration
Zones and
Control
Neighbors
Processing
8
TANDBERG
TANDBERG
Add the H.350 Objects
ldif
.
Create an
file with the following contents:
# MeetingRoom1 endpoint
dn: commUniqueId=comm1,ou=h350,dc=my-
domain,dc=com
objectClass: commObject
objectClass: h323Identity
objectClass: h235Identity
commUniqueId: comm1
h323Identityh323-ID: MeetingRoom1
h323IdentitydialedDigits: 626262
h235IdentityEndpointID: meetingroom1
h235IdentityPassword: mypassword
ldif
Add the
.
file to the server using the command:
slapadd -l <ldif _ file>
This will add a single H.323 endpoint with an H.323 Id alias
of
MeetingRoom1
and an E.164 alias of 626262. The entry
also has H.235 credentials of id meetingroom1 and password
mypassword which are used during authentication.
/etc/openldap/slapd.conf
.
Edit
three lines:
TLSCACertificateFile <path to CA certificate>
TLSCertificateFile <path to LDAP server
certificate>
TLSCertificateKeyFile <path to LDAP private
key>
The OpenLDAP daemon (slapd) must be restarted for the TLS
settings to take effect.
To configure the VCS to use TLS on the connection to the LDAP
server you must upload the CA's certificate as a trusted CA
certificate. This can be done on the VCS by navigating to:
Maintenance > Security.
Call
Firewall
Bandwidth
Traversal
Control
VIDEO COMMUNICATION SERVER
VIDEO COMMUNICATION SERVER
ADMINISTRATOR GUIDE
ADMINISTRATOR GUIDE
and add the following
Maintenance
Appendices
Appendices

Advertisement

Table of Contents
loading

  Also See for TANDBERG VCS

  Related Manuals for TANDBERG VCS