LDAP Configuration

TANDBERG VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE

Prerequisites

These step-by-step instructions assume that Active Directory has already been installed. For details on installing Active Directory please consult your Windows documentation.

The following instructions are for Windows Server 2003 Enterprise Edition. If you are not using this version of Windows, your instructions may vary.

Installing the H.350 Schemas

Once you have downloaded the H.350 schemas, install them as follows:

Open a command prompt and, for each schema file, execute:

ldifde -i -c DC=X <ldap_base> -f filename.ldf

where <ldap_base> is the base DN of your Active Directory server, for example DC=example,DC=com. The -c option rewrites the DC=X placeholder used in the schema files to that base DN as the file is imported.

Microsoft Active Directory

Adding H.350 Objects

Create the Organizational Hierarchy

1. Open the Active Directory Users and Computers MMC snap-in.

2. Right-click your BaseDN and select New > Organizational Unit.

3. Create an organizational unit called h350.

It is good practice to keep the H.350 directory in its own organizational unit, so that H.350 objects are separated from other types of object. Access controls can then be set up that grant the VCS read access only to this OU (the BaseDN it is configured with), which limits its access to other sections of the directory.

Add the H.350 Objects

1. Create an LDIF file with the following contents:

# MeetingRoom1 endpoint
dn: commUniqueId=comm1,ou=h350,DC=X
objectClass: commObject
objectClass: h323Identity
objectClass: h235Identity
commUniqueId: comm1
h323Identityh323-ID: MeetingRoom1
h323IdentitydialedDigits: 626262
h235IdentityEndpointID: meetingroom1
h235IdentityPassword: mypassword

2. Add the LDIF file to the server using the command:

ldifde -i -c DC=X <ldap_base> -f filename.ldf

where <ldap_base> is the base DN of your Active Directory server.

The example above adds a single H.323 endpoint with an H.323 ID alias of MeetingRoom1 and an E.164 alias of 626262. The entry also carries H.235 credentials (endpoint ID meetingroom1, password mypassword), which are used when the endpoint authenticates. The password appears in the LDIF file in clear text, so treat the file as sensitive and delete it once the import has succeeded.

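Writing the LDIF for more than one or two endpoints by hand is error-prone: LDIF separates entries with exactly one blank line, any value that starts with a space, colon or "<", ends with a space, or contains non-ASCII characters has to be base64-encoded on a "::" line, and characters such as commas in the commUniqueId must be escaped inside the DN. The following Python script is added here as an example and is not part of the TANDBERG guide or the VCS. It builds entries in the same shape as the MeetingRoom1 entry above, can optionally emit the ou=h350 organizational unit entry itself instead of creating it in the MMC snap-in, and prints the matching ldifde command. The endpoint names, passwords, base DN and file name it uses are constructed sample data.

```python
"""Build an H.350 endpoint LDIF for ldifde import (added example, not TANDBERG code)."""
import base64
import re

E164_DIGITS = re.compile(r'^[0-9]+$')   # h323IdentitydialedDigits is an E.164 number


def escape_rdn_value(value: str) -> str:
    """Escape an attribute value for use inside a DN (RFC 4514): the characters
    , + " \\ < > ; get a backslash, as do a leading '#' and a leading/trailing space."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in ',+"\\<>;' or (ch == '#' and i == 0) or (ch == ' ' and i in (0, last)):
            out.append('\\' + ch)
        else:
            out.append(ch)
    return ''.join(out)


def ldif_attr(name: str, value: str) -> str:
    """One 'name: value' line. LDIF (RFC 2849) requires values that start with a
    space, ':' or '<', end with a space, or contain non-ASCII or control characters
    to be written base64-encoded after a double colon instead."""
    unsafe = (value[:1] in (' ', ':', '<') or value.endswith(' ')
              or any(ord(c) > 126 or c in '\r\n\0' for c in value))
    if unsafe:
        return f"{name}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"
    return f"{name}: {value}"


def h350_ou_entry(base_dn='DC=X') -> str:
    """The ou=h350 container, for sites that prefer to create it by LDIF import."""
    return "\n".join([ldif_attr("dn", f"ou=h350,{base_dn}"),
                      "objectClass: organizationalUnit", "ou: h350"]) + "\n"


def h350_endpoint_entry(comm_id, h323_id, dialed_digits, h235_id, h235_password,
                        base_dn='DC=X') -> str:
    """Return one entry in the same shape as the MeetingRoom1 entry on this page.
    base_dn defaults to the DC=X placeholder so that 'ldifde -c DC=X <ldap_base>'
    rewrites it to the real base DN at import time."""
    if not E164_DIGITS.match(dialed_digits):
        raise ValueError(f"E.164 alias must be digits only, got {dialed_digits!r}")
    dn = f"commUniqueId={escape_rdn_value(comm_id)},ou=h350,{base_dn}"
    lines = [
        f"# {h323_id} endpoint",
        ldif_attr("dn", dn),
        "objectClass: commObject",
        "objectClass: h323Identity",
        "objectClass: h235Identity",
        ldif_attr("commUniqueId", comm_id),
        ldif_attr("h323Identityh323-ID", h323_id),
        ldif_attr("h323IdentitydialedDigits", dialed_digits),
        ldif_attr("h235IdentityEndpointID", h235_id),
        ldif_attr("h235IdentityPassword", h235_password),   # clear text: protect the file
    ]
    return "\n".join(lines) + "\n"


def h350_ldif(endpoints, base_dn='DC=X', create_ou=False) -> str:
    """Join entries with the single blank line LDIF uses as an entry separator."""
    entries = [h350_ou_entry(base_dn)] if create_ou else []
    entries += [h350_endpoint_entry(*e, base_dn=base_dn) for e in endpoints]
    return "\n".join(entries)


def ldifde_import_command(ldap_base: str, filename: str) -> str:
    """The page's import command with the real base DN substituted for DC=X."""
    return f"ldifde -i -c DC=X {ldap_base} -f {filename}"


if __name__ == "__main__":
    # Constructed sample data: the page's MeetingRoom1 plus a second endpoint whose
    # H.323 ID is non-ASCII and whose password ends in a space (both go base64).
    sample = [
        ("comm1", "MeetingRoom1", "626262", "meetingroom1", "mypassword"),
        ("comm2", "Salle Réunion", "626263", "sallereunion", "s3cret "),
    ]
    print(h350_ldif(sample, create_ou=True))
    print(ldifde_import_command("DC=example,DC=com", "h350-endpoints.ldf"))
```

Save the printed LDIF as UTF-8 and import it with the printed command; because the script leaves DC=X in every DN, the same file can be imported into different forests by changing only the <ldap_base> argument.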

Securing with TLS

To enable Active Directory to use TLS, you must request and install a certificate on the Active Directory server (the domain controller). The certificate must meet the following requirements:

- It is located in the Local Computer's Personal certificate store. This can be seen using the Certificates MMC snap-in.

- Its private key is stored locally. When viewing the certificate you should see the message "You have a private key that corresponds to this certificate".

- Its private key does not have strong private key protection enabled. Strong private key protection prompts a user for confirmation whenever the key is used, which an unattended service such as the LDAP server cannot answer. This is an attribute that can be set in the key request.

- Its Enhanced Key Usage extension includes the Server Authentication object identifier (1.3.6.1.5.5.7.3.1); again this forms part of the key request.

- It is issued by a CA that both the domain controller and the client (here the VCS) trust.

- It includes the fully qualified domain name of the domain controller in the common name of the subject field and/or as a DNS entry in the subject alternative name extension. Prefer the subject alternative name: current TLS clients ignore the common name once a subject alternative name extension is present.

To configure the VCS to use TLS on its connection to the LDAP server, upload the certificate of the CA that issued the domain controller's certificate as a trusted CA certificate on the VCS. This is done under Maintenance > Security.
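Before pointing the VCS at the domain controller it is worth confirming, from any host that has the CA certificate file, that the LDAP-over-TLS listener presents a certificate that chains to that CA and names the domain controller. The Python below is added here as an example and is not part of the TANDBERG guide or the VCS; it uses only the standard library. ldaps_preflight opens a TLS session trusting only the given CA file, the same certificate that is uploaded under Maintenance > Security, and cert_matches_dc applies the naming requirement above to the certificate dictionary Python returns, using the rule current TLS stacks apply (subject alternative name first, common name only when no SAN is present). The port number 636, the host names and the certificate dictionaries are assumptions and constructed samples; the live check is not run here.

```python
"""LDAPS certificate pre-flight for a domain controller (added example, not TANDBERG code)."""
import socket
import ssl

LDAPS_PORT = 636  # assumption: the DC's LDAP-over-TLS listener is on the standard port


def dns_name_match(pattern: str, hostname: str) -> bool:
    """Case-insensitive DNS name match; a single '*' is allowed only as the whole
    left-most label (dc1.example.com matches *.example.com, a.b.example.com does not)."""
    pattern = pattern.lower().rstrip('.')
    hostname = hostname.lower().rstrip('.')
    if pattern == hostname:
        return True
    if not pattern.startswith('*.'):
        return False
    p_labels, h_labels = pattern.split('.'), hostname.split('.')
    return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]


def cert_dns_names(cert: dict) -> list:
    """Names a TLS client will accept from a getpeercert()-style dictionary:
    the SAN DNS entries, or the subject CN only when there is no SAN extension."""
    sans = [value for kind, value in cert.get('subjectAltName', ()) if kind == 'DNS']
    if sans:
        return sans
    return [value for rdn in cert.get('subject', ())
            for key, value in rdn if key == 'commonName']


def cert_matches_dc(cert: dict, dc_fqdn: str) -> bool:
    """True if the certificate names the domain controller the VCS will connect to."""
    return any(dns_name_match(name, dc_fqdn) for name in cert_dns_names(cert))


def ldaps_preflight(dc_fqdn: str, ca_file: str, timeout: float = 5.0) -> dict:
    """Open a TLS session to dc_fqdn:636 trusting only ca_file and return the peer
    certificate. PROTOCOL_TLS_CLIENT enables CERT_REQUIRED and hostname checking, so
    a certificate that does not chain to ca_file or does not name dc_fqdn raises
    ssl.SSLCertVerificationError instead of returning."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.load_verify_locations(cafile=ca_file)
    with socket.create_connection((dc_fqdn, LDAPS_PORT), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=dc_fqdn) as tls:
            cert = tls.getpeercert()
    if not cert_matches_dc(cert, dc_fqdn):   # belt and braces; OpenSSL already checked
        raise ssl.SSLCertVerificationError(f"certificate does not name {dc_fqdn}")
    return cert


if __name__ == "__main__":
    # Constructed sample in the shape ssl.SSLSocket.getpeercert() returns; not a real DC.
    sample = {
        'subject': ((('commonName', 'dc1.example.com'),),),
        'subjectAltName': (('DNS', 'dc1.example.com'),),
    }
    print("names:", cert_dns_names(sample), "match:", cert_matches_dc(sample, 'DC1.example.com'))
    # Live check, assuming a reachable DC and the CA certificate exported to a PEM file:
    # ldaps_preflight('dc1.example.com', 'enterprise-root-ca.pem')
```

A verification failure from ldaps_preflight points at the domain controller side of the requirements list (wrong issuer, wrong name, or no usable certificate installed), which is worth settling before the VCS's own TLS connection is configured.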


D 14049.01    181    07.2007
