38 C2694M (7/08)
Appendix D: Working with Multiple Gateways
You can set up multiple gateways if your network includes Active Directory. Active Directory is used to provide global authentication of the
user and to control the assignment of gateways to the user. To perform these functions, a new attribute called ‘pelco-gatewayURL’ stores the
gateway URL. This attribute must be attached to the gateway computer and the user classes. A computer object must be created for each
gateway in the system. The ‘pelco-gatewayURL’ attribute must contain the URL of the gateway.
For each user in the Endura system that requires global authentication privileges (LDAP privileges), a user object must be created in the Active
Directory with a matching user name (cn and name attributes) and password. The ‘pelco-gatewayURL’ attribute of the user object will contain the
name of a gateway (Computer) for which the user will have access rights. This attribute is multi-valued because the user may access multiple
gateway addresses. Each approved gateway will have a unique ‘pelco-gatewayURL’ attribute in the user object.
The gateway Web client retrieves the approved user gateways from the Network Directory and displays them in the Gateways list on the main
page. The user will be able to connect to each of these gateways. Any attempt to connect to a gateway that is not included in the user’s Active
Directory object is blocked by the system.
Gateways can be added to the user through the Web client user configuration page. The list of available gateways will be retrieved from the
computer objects within the Active Directory. Computers that are gateways will be differentiated from other computers by adding the string
“Gateway” into the computer name (cn) of the computer.
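
The assignment model described above can be checked offline against exported directory entries. The following is an added example, not part of the Endura documentation or software: the entries are constructed, the function names are hypothetical, and it assumes that user values are compared case-insensitively with the URL stored on the gateway computer object and that the “Gateway” marker in cn is matched case-insensitively.

```python
ATTR = "pelco-gatewayURL"

# Constructed sample entries, shaped like a directory export (not real data).
COMPUTERS = [
    {"cn": "Gateway-East", ATTR: ["https://gw-east.example.test/"]},
    {"cn": "Gateway-Lab", ATTR: []},  # named as a gateway, no URL set
    {"cn": "FileServer01", ATTR: ["https://fs01.example.test/"]},  # URL, not a gateway name
]
USERS = [
    {"cn": "operator1", ATTR: ["HTTPS://GW-EAST.example.test/",
                               "https://gw-old.example.test/"]},
    {"cn": "operator2", ATTR: []},
]

def norm(value):
    # The attribute syntax is a case-insensitive string, so compare folded.
    return value.lower()

def is_gateway(computer):
    # Assumption: the "Gateway" marker in cn is matched case-insensitively.
    return "gateway" in computer["cn"].lower()

def gateway_urls(computers):
    """Map each normalized gateway URL to the cn of its computer object."""
    return {norm(u): c["cn"] for c in computers if is_gateway(c) for u in c[ATTR]}

def approved_gateways(user, computers):
    """Gateways the user is assigned that also exist as gateway computers."""
    known = gateway_urls(computers)
    return sorted({known[norm(v)] for v in user[ATTR] if norm(v) in known})

def is_connection_allowed(user, url):
    """Model of the rule that only gateways listed on the user object connect."""
    return norm(url) in {norm(v) for v in user[ATTR]}

def audit(users, computers):
    """Return (finding, subject) pairs for inconsistent gateway data."""
    findings, known = [], gateway_urls(computers)
    for c in computers:
        if is_gateway(c) and not c[ATTR]:
            findings.append(("gateway-without-url", c["cn"]))
        if c[ATTR] and not is_gateway(c):
            findings.append(("url-on-non-gateway", c["cn"]))
    for u in users:
        for v in u[ATTR]:
            if not 1 <= len(v) <= 256:  # range from the schema definition
                findings.append(("length-out-of-range", u["cn"]))
            elif norm(v) not in known:
                findings.append(("grant-without-gateway-object", f'{u["cn"]}:{v}'))
    return findings
```

A value left on a user object after its gateway computer object is removed still counts as an assignment under this model, which is why the audit reports it separately.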

CREATING A NEW ACTIVE SCHEMA ATTRIBUTE

1. Using an Active Directory schema tool, add the following attribute to the schema:
Common Name: “pelco-gatewayURL”
LDAP Display Name: “pelco-gatewayURL”
Unique X.500 OID: 1.2.840.113556.1.8000.2554.34841.37317.27532.19387.44722.8950900.4516993
Syntax: “Case Insensitive String”
Minimum: “1”
Maximum: “256”
2. Check multi-valued.
3. After creating the attribute, add the attribute to the user and computer classes.

CREATING A NEW USER IN THE ACTIVE DIRECTORY

For each Endura user who will use the Endura Web client, an identical user account must be created in the Active Directory. This user account
must contain the same user name and password that was created in the Endura system. An additional user account must be set up in the Active
Directory for the gateway itself.
1. If you have not already done so, configure the network directory interface from the Web client. Refer to Configuring the Network Directory
Interface on page 26.
2. On the server computer, open the Active Directory and add a new user with the following attributes:
Common name: cn=[Endurausername]
Name: Enter the user name that was set up in the Endura system.
Password: Enter the password of the user that was set up in the Endura system.
3. Repeat these steps for each Endura user.
4. Create a user account for the gateway. This account must have administrator permissions. If there is more than one gateway in the system,
a single account can be used by both gateways.

CREATING A NEW COMPUTER IN THE ACTIVE DIRECTORY

1. On the server computer, open the Active Directory.
2. Add a computer entry for each gateway. Include the word “Gateway” in the computer name.
WARNING: Incorrectly altering the Active Directory schema can cause serious damage to your server. Do not attempt to modify this
schema unless you are experienced in LDAP access protocol and Active Directory.