Using An H.350 Directory Service Lookup Via LDAP - Cisco TelePresence Administrator's Manual

Video communication server

Device authentication

Using an H.350 directory service lookup via LDAP

The Device authentication H.350 configuration page (Configuration > Authentication > Devices > H.350 directory service) is used to configure a connection via LDAP to an H.350 directory service. An H.350 directory service lookup can be used for authenticating any endpoint, SIP and H.323.

H.350 directory authentication and registration process
If the VCS is using an H.350 directory service to authenticate registration requests, the process is as follows:
1. The endpoint presents its username and authentication credentials to the VCS, and the aliases with which it wants to register.
2. The VCS then determines which aliases the endpoint is allowed to attempt to register with, based on the Source of aliases for registration setting. For H.323 endpoints, you can use this setting to override the aliases presented by the endpoint with those in the H.350 directory, or you can use them in addition to the endpoint's aliases. For SIP endpoints, you can use this setting to reject a registration if the endpoint's AOR does not match that in the H.350 directory. The options are:
   - H.350 directory: for SIP registrations the AOR presented by the endpoint is registered providing it is listed in the H.350 directory for the endpoint's username.
     For H.323 registrations:
     - At least one of the aliases presented by the endpoint must be listed in the H.350 directory for that endpoint's username. If none of the presented aliases are listed it is not allowed to register.
     - The endpoint will register with all of the aliases (up to a maximum of 20) listed in the H.350 directory. Aliases presented by the endpoint that are not in the H.350 directory will not be registered.
     - If no aliases are listed in the H.350 directory, the endpoint will register with all the aliases it presented.
     - If no aliases are presented by the endpoint, it will register with all the aliases listed in the H.350 directory for its username.
   - Combined: the aliases presented by the endpoint are used in addition to any listed in the H.350 directory for the endpoint's username. In other words, this is the same as for H.350 directory, except that if an endpoint presents an alias that is not in the H.350 directory, it will be allowed to register with that alias.
   - Endpoint: the aliases presented by the endpoint are used; any in the H.350 directory are ignored. If no aliases are presented by the endpoint, it is not allowed to register.
   The default is H.350 directory.
Note that if the authentication policy is Do not check credentials or Treat as authenticated, then the Source of aliases for registration setting is ignored and the aliases presented by the endpoint are used.
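
The alias rules above can be modelled as a small decision function, which makes it easy to see which settings accept an alias that the directory does not list. This is an added example, not VCS code or part of the original guide; the function name, its parameters, the `auth_policy=None` convention and the treatment of an empty result as a rejection are assumptions.

```python
# Added illustration: models the alias rules in the text above. Not VCS code.
MAX_DIRECTORY_ALIASES = 20  # "up to a maximum of 20" listed in the directory
BYPASS_POLICIES = {"Do not check credentials", "Treat as authenticated"}


def resolve_aliases(protocol, source, presented, directory, auth_policy=None):
    """Return the aliases an endpoint registers with, or None if rejected.

    protocol:    "SIP" or "H.323"
    source:      "H.350 directory" (the default), "Combined" or "Endpoint"
    presented:   aliases (for SIP, the AOR) sent by the endpoint
    directory:   aliases the H.350 directory lists for the endpoint's username
    auth_policy: None means credentials are checked (hypothetical convention)
    Assumption: an empty result is treated as a rejected registration.
    """
    if protocol not in ("SIP", "H.323"):
        raise ValueError(f"unknown protocol: {protocol!r}")
    if source not in ("H.350 directory", "Combined", "Endpoint"):
        raise ValueError(f"unknown source of aliases: {source!r}")
    presented, directory = list(presented), list(directory)
    if auth_policy in BYPASS_POLICIES:
        return presented or None  # setting ignored; presented aliases are used
    if source == "Endpoint":
        return presented or None  # directory ignored; nothing presented = reject
    if protocol == "SIP":
        # For SIP the setting only decides whether the presented AOR is accepted.
        if source == "H.350 directory" and any(a not in directory for a in presented):
            return None
        return presented or None
    listed = directory[:MAX_DIRECTORY_ALIASES]
    if source == "Combined":
        # Assumption: the 20-alias cap also applies to the directory part here.
        return (listed + [a for a in presented if a not in listed]) or None
    # H.323 with the "H.350 directory" option:
    if not directory:
        return presented or None  # nothing listed: all presented aliases register
    if presented and not any(a in directory for a in presented):
        return None               # none of the presented aliases is listed
    return listed                 # unlisted presented aliases are dropped
```

With the default H.350 directory option an unlisted alias is dropped or the registration is rejected, whereas Combined, Endpoint, either of the two non-checking authentication policies, or a directory entry with no aliases all let the endpoint's own aliases through.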

Configuring the LDAP server directory
The H.350 directory on the LDAP server should be configured to implement the ITU H.350 specification. It should store credentials for devices with which the VCS communicates, and the aliases of endpoints that will register with the VCS.
1. Download the required H.350 schemas from the VCS (Configuration > Authentication > Devices > H.350 directory schemas) and install them on the LDAP server.
2. Configure the directory with the aliases of endpoints that will register with the VCS.
See LDAP server configuration for device authentication [p.377] for instructions on configuring LDAP servers.

Cisco VCS Administrator Guide (X8.1.1), Page 120 of 507
