Openldap; Prerequisites; Installing The H.350 Schemas; Adding H.350 Objects - TANDBERG VCS Administration Manual

Video communication server

LDAP Configuration

Prerequisites

These instructions assume that an OpenLDAP server has
already been installed. For details on installing OpenLDAP see
the documentation at http://www.openldap.org.
The following examples use a standard OpenLDAP installation
on the Linux platform. For installations on other platforms the
location of the OpenLDAP configuration files may be different.
See the OpenLDAP installation documentation for details.

Installing the H.350 Schemas

Copy the OpenLDAP files to the OpenLDAP schema directory:

    /etc/openldap/schemas/commobject.ldif
    /etc/openldap/schemas/h323identity.ldif
    /etc/openldap/schemas/h235identity.ldif
    /etc/openldap/schemas/sipidentity.ldif

Edit /etc/openldap/slapd.conf to add the new schemas. You will
need to add the following lines:

    include /etc/openldap/schemas/commobject.ldif
    include /etc/openldap/schemas/h323identity.ldif
    include /etc/openldap/schemas/h235identity.ldif
    include /etc/openldap/schemas/sipidentity.ldif

The OpenLDAP daemon (slapd) must be restarted for the new
schemas to take effect.
D 14049.01
07.2007

Adding H.350 Objects

Create the Organizational Hierarchy

Create an ldif file with the following contents:

    # This example creates a single
    # organizational unit to contain the H.350
    # objects
    dn: ou=h350,dc=my-domain,dc=com
    objectClass: organizationalUnit
    ou: h350

Add the ldif file to the server using the command:

    slapadd -l <ldif_file>

This organizational unit will form the BaseDN to which the
VCS will issue searches. In this example the BaseDN will be:
ou=h350,dc=my-domain,dc=com.
It is good practice to keep the H.350 directory in its own
organizational unit to separate H.350 objects from
other types of objects. This allows access controls to be
set up that give the VCS read access only to the BaseDN and
therefore limit its access to other sections of the directory.

Add the H.350 Objects

Create an ldif file with the following contents:

    # MeetingRoom1 endpoint
    dn: commUniqueId=comm1,ou=h350,dc=my-domain,dc=com
    objectClass: commObject
    objectClass: h323Identity
    objectClass: h235Identity
    commUniqueId: comm1
    h323Identityh323-ID: MeetingRoom1
    h323IdentitydialedDigits: 626262
    h235IdentityEndpointID: meetingroom1
    h235IdentityPassword: mypassword

Add the ldif file to the server using the command:

    slapadd -l <ldif_file>

This will add a single H.323 endpoint with an H.323 Id alias
of MeetingRoom1 and an E.164 alias of 626262. The entry
also has H.235 credentials of id meetingroom1 and password
mypassword which are used during authentication.

Securing with TLS

The connection to the LDAP server can be encrypted by enabling
Transport Layer Security (TLS) on the connection. To do this you
must create an X.509 certificate for the LDAP server to allow
the VCS to verify the server's identity. Once the certificate has
been created you will need to install the following three files
associated with the certificate onto the LDAP server:

- The certificate for the LDAP server.
- The private key for the LDAP server.
- The certificate of the Certificate Authority (CA) that was used
  to sign the LDAP server's certificate.

All three files should be in PEM file format.
The LDAP server must be configured to use the certificate. To do
this:

Edit /etc/openldap/slapd.conf and add the following three lines:

    TLSCACertificateFile <path to CA certificate>
    TLSCertificateFile <path to LDAP server certificate>
    TLSCertificateKeyFile <path to LDAP private key>

The OpenLDAP daemon (slapd) must be restarted for the TLS
settings to take effect.
To configure the VCS to use TLS on the connection to the LDAP
server you must upload the CA's certificate as a trusted CA
certificate. This can be done on the VCS by navigating to:
Maintenance > Security.
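
The following check is an added example, not part of the TANDBERG manual or of OpenLDAP: it parses a slapd.conf and reports whether the four H.350 schema includes and the three TLS directives from this page are present, and whether each TLS file contains a PEM block of the expected type. The function names, the sample input and the owner-only permission check on the private key are assumptions of this example.

```python
import os
import re
import stat

H350_SCHEMAS = ("commobject.ldif", "h323identity.ldif",
                "h235identity.ldif", "sipidentity.ldif")
# slapd.conf directive -> PEM label expected in the file it names
TLS_FILES = {"TLSCACertificateFile": "CERTIFICATE",
             "TLSCertificateFile": "CERTIFICATE",
             "TLSCertificateKeyFile": "PRIVATE KEY"}

def parse_slapd_conf(text):
    """Unwrap continuation lines (leading whitespace), drop '#' comments, split."""
    logical = []
    for raw in text.splitlines():
        if raw[:1].isspace() and raw.strip() and logical:
            logical[-1] += " " + raw.strip()
        elif raw.strip():
            logical.append(raw.strip())
    return [(l.split(None, 1) + [""])[:2] for l in logical if not l.startswith("#")]

def audit(conf_text):
    """Return a list of findings; an empty list means every check passed."""
    pairs = [(d.lower(), a.strip('"')) for d, a in parse_slapd_conf(conf_text)]
    included = {os.path.basename(a) for d, a in pairs if d == "include"}
    findings = [f"missing include for {s}" for s in H350_SCHEMAS if s not in included]
    settings = dict(pairs)
    for directive, label in TLS_FILES.items():
        path = settings.get(directive.lower())
        if not path:
            findings.append(f"{directive} is not set")
            continue
        try:
            with open(path, errors="replace") as handle:
                body = handle.read()
        except OSError:
            findings.append(f"{directive}: cannot read {path}")
            continue
        if not re.search(rf"-----BEGIN (?:[A-Z0-9]+ )?{label}-----", body):
            findings.append(f"{directive}: no PEM {label} block in {path}")
        # Assumption of this example: the key file should be owner-only
        if label == "PRIVATE KEY" and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
            findings.append(f"{directive}: {path} is accessible to group or other")
    return findings

if __name__ == "__main__":
    # Constructed input: one schema include, a placeholder CA path, no server cert or key
    print("\n".join(audit("include /etc/openldap/schemas/commobject.ldif\n"
                          "TLSCACertificateFile /nonexistent/ca.pem\n")))
```

The check covers presence, format and file mode only. Whether the private key matches the certificate, and whether the certificate was signed by the CA, has to be verified separately.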