LDAP Configuration

TANDBERG VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE

OpenLDAP

Prerequisites

These instructions assume that an OpenLDAP server has already been installed. For details on installing OpenLDAP see the documentation at http://www.openldap.org.

The following examples use a standard OpenLDAP installation on the Linux platform. For installations on other platforms the location of the OpenLDAP configuration files may be different. See the OpenLDAP installation documentation for details.

Installing the H.350 Schemas

1. Copy the OpenLDAP files to the OpenLDAP schema directory:

    /etc/openldap/schemas/commobject.ldif
    /etc/openldap/schemas/h323identity.ldif
    /etc/openldap/schemas/h235identity.ldif
    /etc/openldap/schemas/sipidentity.ldif

2. Edit /etc/openldap/slapd.conf to add the new schemas. You will need to add the following lines:

    include /etc/openldap/schemas/commobject.ldif
    include /etc/openldap/schemas/h323identity.ldif
    include /etc/openldap/schemas/h235identity.ldif
    include /etc/openldap/schemas/sipidentity.ldif

The OpenLDAP daemon (slapd) must be restarted for the new schemas to take effect.

Adding H.350 Objects

Create the Organizational Hierarchy

1. Create an ldif file with the following contents:

    # This example creates a single
    # organizational unit to contain the H.350
    # objects
    dn: ou=h350,dc=my-domain,dc=com
    objectClass: organizationalUnit
    ou: h350

2. Add the ldif file to the server using the command:

    slapadd -l <ldif_file>

This organizational unit will form the BaseDN to which the VCS will issue searches. In this example the BaseDN will be: ou=h350,dc=my-domain,dc=com.

It is good practice to keep the H.350 directory in its own organizational unit to separate out H.350 objects from other types of objects. This allows access controls to be set up which only allow the VCS read access to the BaseDN and therefore limit access to other sections of the directory.

Add the H.350 Objects

1. Create an ldif file with the following contents:

    # MeetingRoom1 endpoint
    dn: commUniqueId=comm1,ou=h350,dc=my-domain,dc=com
    objectClass: commObject
    objectClass: h323Identity
    objectClass: h235Identity
    commUniqueId: comm1
    h323Identityh323-ID: MeetingRoom1
    h323IdentitydialedDigits: 626262
    h235IdentityEndpointID: meetingroom1
    h235IdentityPassword: mypassword

2. Add the ldif file to the server using the command:

    slapadd -l <ldif_file>

This will add a single H.323 endpoint with an H.323 ID alias of MeetingRoom1 and an E.164 alias of 626262. The entry also has H.235 credentials of ID meetingroom1 and password mypassword, which are used during authentication.

Securing with TLS

The connection to the LDAP server can be encrypted by enabling Transport Layer Security (TLS) on the connection. To do this you must create an X.509 certificate for the LDAP server to allow the VCS to verify the server’s identity. Once the certificate has been created you will need to install the following three files associated with the certificate onto the LDAP server:

The certificate for the LDAP server.

The private key for the LDAP server.

The certificate of the Certificate Authority (CA) that was used to sign the LDAP server’s certificate.

All three files should be in PEM file format.

The LDAP server must be configured to use the certificate. To do this:

1. Edit /etc/openldap/slapd.conf and add the following three lines:

    TLSCACertificateFile <path to CA certificate>
    TLSCertificateFile <path to LDAP server certificate>
    TLSCertificateKeyFile <path to LDAP private key>

The OpenLDAP daemon (slapd) must be restarted for the TLS settings to take effect.

To configure the VCS to use TLS on the connection to the LDAP server you must upload the CA’s certificate as a trusted CA certificate. This can be done on the VCS by navigating to:

Maintenance > Security.
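The following is an added example, not part of the TANDBERG guide: a small audit of a slapd.conf for the two protections described above, the three TLS directives and an access rule that confines reads of the BaseDN to the VCS. The cn=vcs bind DN, the certificate paths and the function names are assumptions made for illustration; the sample configuration is constructed.

```python
import re

BASE_DN = "ou=h350,dc=my-domain,dc=com"   # BaseDN used in this guide
TLS_KEYS = {"tlscacertificatefile", "tlscertificatefile", "tlscertificatekeyfile"}

# Constructed sample slapd.conf; the cn=vcs bind DN and file paths are assumptions.
SAMPLE = '''\
include /etc/openldap/schemas/commobject.ldif
TLSCACertificateFile /etc/openldap/certs/ca.pem
TLSCertificateFile /etc/openldap/certs/ldap.pem
TLSCertificateKeyFile /etc/openldap/certs/ldap.key
# Only the VCS account may read the H.350 subtree, including stored passwords
access to dn.subtree="ou=h350,dc=my-domain,dc=com"
    by dn.exact="cn=vcs,dc=my-domain,dc=com" read
    by * none
'''

def directives(text):
    """Join slapd.conf continuation lines (leading whitespace) and drop comments."""
    out = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and out:
            out[-1] += " " + line.strip()
        else:
            out.append(line.strip())
    return out

def audit(text, base_dn=BASE_DN):
    """Return a list of findings; an empty list means the checks passed."""
    findings = []
    lines = directives(text)
    present = {l.split()[0].lower() for l in lines}
    for key in sorted(TLS_KEYS - present):
        findings.append("missing TLS directive: " + key)
    rules = [l for l in lines if l.lower().startswith("access to")
             and base_dn.lower() in l.lower()]
    if not rules:
        findings.append("no access rule for " + base_dn)
    for rule in rules:
        # A grant above none/auth to '*', 'anonymous' or 'users' exposes the subtree
        for who, level in re.findall(r"\bby\s+(\S+)\s+(\S+)", rule):
            if who in ("*", "anonymous", "users") and level not in ("none", "auth"):
                findings.append(f"broad grant in BaseDN rule: by {who} {level}")
    return findings
```

slapd applies the first access rule whose target matches, so a broader rule placed earlier in the file can still override the one checked here; this audit does not evaluate rule order.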

D 14049.01

07.2007