D 14049.01
07.2007
TANDBERG VIDEO COMMUNICATION SERVER
ADMINISTRATOR GUIDE
Appendices
LDAP Conguration
Adding H.350 Objects
Create the Organizational Hierarchy
1. Open up the Active Directory Users and Computers MMC snap-in.
2. Under your BaseDN right-click and select New Organizational Unit.
3. Create an Organizational unit called h350.
It is good practice to keep the H.350 directory in its own organizational unit to separate out H.350 objects from other types of objects. This allows access controls to be set up which only allow the VCS read access to the BaseDN and therefore limit access to other sections of the directory.
Add the H.350 Objects
1. Create an ldif file with the following contents:
    # MeetingRoom1 endpoint
    dn: commUniqueId=comm1,ou=h350,DC=X
    objectClass: commObject
    objectClass: h323Identity
    objectClass: h235Identity
    commUniqueId: comm1
    h323Identityh323-ID: MeetingRoom1
    h323IdentitydialedDigits: 626262
    h235IdentityEndpointID: meetingroom1
    h235IdentityPassword: mypassword
2. Add the ldif file to the server using the command:
    ldifde -i -c DC=X <ldap_base> -f filename.ldf
   where:
    <ldap_base> is the base DN of your Active Directory Server.
The example above will add a single H.323 endpoint with an H.323 Id alias of MeetingRoom1 and an E.164 alias of 626262. The entry also has H.235 credentials of id meetingroom1 and password mypassword which are used during authentication.
Prerequisites
These step-by-step instructions assume that Active Directory has already been installed. For details on installing Active Directory please consult your Windows documentation.
The following instructions are for Windows Server 2003 Enterprise Edition. If you are not using this version of Windows, your instructions may vary.
Securing with TLS
To enable Active Directory to use TLS, you must request and install a certificate on the Active Directory server. The certificate must meet the following requirements:
- Be located in the Local Computer's Personal certificate store. This can be seen using the Certificates MMC snap-in.
- Have the details on how to obtain the private key associated with it stored locally. When viewing the certificate you should see a message saying "You have a private key that corresponds to this certificate".
- Have a private key that does not have strong private key protection enabled. This is an attribute that can be added to a key request.
- Have an Enhanced Key Usage extension that includes the Server Authentication object identifier; again, this forms part of the key request.
- Be issued by a CA that both the domain controller and the client trust.
- Include the Active Directory fully qualified domain name of the domain controller in the common name in the subject field and/or the DNS entry in the subject alternative name extension.
To configure the VCS to use TLS on the connection to the LDAP server you must upload the CA's certificate as a trusted CA certificate. This can be done on the VCS by navigating to:
Maintenance > Security.
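Added example (not part of the TANDBERG guide): a PowerShell check, run on the domain controller, of the certificate requirements listed above. It assumes PowerShell 3.0 or later; dc1.example.com is a placeholder FQDN and Test-LdapsCertificate is a name chosen here. Strong private key protection is not checked, and ChainTrusted reflects only this machine's trust, not the VCS's.

```powershell
# Added example: audit Local Computer\Personal certificates against the
# LDAP-over-TLS requirements. $DcFqdn is a placeholder; pass your DC's FQDN.
param([string]$DcFqdn = 'dc1.example.com')

$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
$SanOid        = '2.5.29.17'           # Subject Alternative Name extension

function Test-LdapsCertificate {
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [string]$Fqdn
    )
    # Enhanced Key Usage must list the Server Authentication object identifier.
    $eku = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $hasServerAuth = [bool]($eku -and ($eku.EnhancedKeyUsages |
        Where-Object { $_.Value -eq $ServerAuthOid }))

    # The FQDN must be the subject common name and/or a SAN DNS entry.
    $cn      = $Cert.GetNameInfo('SimpleName', $false)
    $san     = $Cert.Extensions | Where-Object { $_.Oid.Value -eq $SanOid }
    $sanText = if ($san) { $san.Format($false) } else { '' }
    # Windows renders SAN entries as "DNS Name=host, DNS Name=host2".
    $sanNames = @($sanText -split ',\s*' |
        ForEach-Object { ($_ -split '=', 2)[-1].Trim() })
    $nameOk = ($cn -eq $Fqdn) -or ($sanNames -contains $Fqdn)

    [pscustomobject]@{
        Thumbprint    = $Cert.Thumbprint
        Subject       = $Cert.Subject
        HasPrivateKey = $Cert.HasPrivateKey   # private key corresponds to the cert
        ServerAuthEku = $hasServerAuth
        NameMatches   = $nameOk
        ChainTrusted  = $Cert.Verify()        # chains to a CA this machine trusts
    }
}

# Local Computer\Personal is the LocalMachine\My store.
Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-LdapsCertificate -Cert $_ -Fqdn $DcFqdn } |
    Format-Table -AutoSize
```

A certificate suitable for the LDAP server shows True in all four check columns.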
Microsoft Active Directory
Installing the H.350 Schemas
Once you have downloaded the H.350 schemas, install them as follows:
Open a command prompt and for each file execute the following command:
    ldifde -i -c DC=X <ldap_base> -f filename.ldf
where:
    <ldap_base> is the base DN for your Active Directory server.