Polycom CMA System Operations Guide

Security: Local accounts have their own passwords, which are stored on the CMA system. Active Directory user accounts maintain the same users' Active Directory credentials and password complexity policies, which are validated by the domain controllers.

How Global Catalog Searches Work

When you integrate the CMA system with Active Directory, you can configure it to integrate in one of two ways:

It can access a specific global catalog server by host name or IP address (not recommended, due to a lack of redundancy).

If you select this option, the domain name that you specify for the CMA system must match the DNS name suffix of the Global Catalog server (example: dc1.polycom.com configured as the Global Catalog, then you must enter polycom.com as the domain name of the CMA system server).

It can auto-discover the server by querying the DNS for the closest Global Catalog server (strongly recommended).

If you select this option, you can specify any domain in the Active Directory forest in the Domain Name criteria for the CMA system server. The DNS server must contain Active Directory-specific entries.

It is recommended that you enter the forest root DNS domain name.

When configured to auto-discover the server, every time the CMA system needs to bind to a Global Catalog server for LDAP queries, the CMA system performs the following.

Uses Microsoft's LDAP Ping mechanism to determine the site in which the system is located.

Uses a DNS SRV record query to find a Global Catalog server within the same site.

Connects to the Global Catalog on the domain controller and queries for the object in question and any relevant information (such as GUID, userID, name, phone number).

You can secure the connection between the CMA system and the Active Directory server's Global Catalog using LDAP-S(via outbound TCP/UDP port 3269) or Start TLS (via outbound 3268 TCP/UDP). To implement the secure connection, the appropriate ports must be open on any network equipment between the Global Catalog and the CMA system.

358

Polycom, Inc.

Page 378
Image 378
Polycom 3725-77601-001H manual How Global Catalog Searches Work