D 14049.01
07.2007
181
TANDBERG VIDEO COMMUNICATION SERVER
ADMINISTRATOR GUIDE
Text goes here
Introduction
Getting
Started
System
Overview
System
Configuration
H.323 & SIP
Configuration
Registration
Control
Zones and
Neighbors
Call
Processing
Firewall
Traversal
Bandwidth
Control
Maintenance
Appendices
TANDBERG VIDEO COMMUNICATION SERVER
ADMINISTRATOR GUIDE
Appendices
LDAP Conguration
Adding H.350 Objects
Create the Organizational Hierarchy
Open up the Active Directory Users and Computers MMC
snap-in.
Under your BaseDN right-click and select New Organizational
Unit.
Create an Organizational unit called h350.
It is good practice to keep the H.350 directory in its own
organizational unit to separate out H.350 objects from
other types of objects. This allows access controls to be
setup which only allow the VCS read access to the BaseDN and
therefore limit access to other sections of the directory.
Add the H.350 Objects
Create an ldif file with the following contents:
# MeetingRoom1 endpoint
dn: commUniqueId=comm1,ou=h350,DC=X
objectClass: commObject
1.
2.
3.
1.
objectClass: h323Identity
objectClass: h235Identity
commUniqueId: comm1
h323Identityh323-ID: MeetingRoom1
h323IdentitydialedDigits: 626262
h235IdentityEndpointID: meetingroom1
h235IdentityPassword: mypassword
Add the ldif file to the server using the command:
ldifde -i -c DC=X <ldap _ base> -f filename.
ldf
where:
<ldap _ base> is the base DN of your Active Directory
Server.
The example above will add a single H.323 endpoint with an
H.323 Id alias of MeetingRoom1 and an E.164 alias of 626262.
The entry also has H.235 credentials of id meetingroom1 and
password mypassword which are used during authentication.
2.
Prerequisites
These step-by-step instructions assume that Active Directory
has already been installed. For details on installing Active
Directory please consult your Windows documentation.
The following instructions are for Windows Server 2003
Enterprise Edition. If you are not using this version of Windows,
your instructions may vary.
Securing with TLS
To enable Active Directory to use TLS, you must request and install a certificate on the Active Directory server. The certificate must
meet the following requirements:
Be located in the Local Computer’s Personal certificate store. This can be seen using the Certificates MMC snap-in.
Have the private details on how to obtain a key associated for use with it stored locally. When viewing the certificate you should
see a message saying “You have a private key that corresponds to this certificate’’.
Have a private key that does not have strong private key protection enabled. This is an attribute that can be added to a key
request.
The Enhanced Key Usage extension includes the Server Authentication object identifier, again this forms part of the key request.
Issued by a CA that both the domain controller and the client trust.
Include the Active Directory fully qualified domain name of the domain controller in the common name in the subject field and/or
the DNS entry in the subject alternative name extension.
To configure the VCS to use TLS on the connection to the LDAP server you must upload the CA’s certificate as a trusted CA
certificate. This can be done on the VCS by navigating to:
Maintenance > Security.
•
•
•
•
•
•
•
Microsoft Active Directory
Installing the H.350 Schemas
Once you have downloaded the H.350 schemas, install them as
follows:
Open a command prompt and for each file execute the following
command:
ldifde -i -c DC=X <ldap _ base> -f filename.ldf
where:
<ldap _ base> is the base DN for your Active Directory
server.