TANDBERG D14049.04 Network Card User Manual

Open as PDF

of 276

D14049.04

JULY 2008

Grey Headline (continued)

TANDBERG VIDEO COMMUNICATIONS SERVER

ADMINISTRATOR GUIDE

Introduction Getting Started

Overview and

Status

System

Conguration

VCS

Conguration

Zones and

Neighbors

Call

Processing

Bandwidth

Control

Firewall

Traversal

Appendices

Applications Maintenance

Registration Control

Authentication Databases

Authentication using an LDAP Server

If the VCS is using an LDAP server for authentication, the process is as follows:

The endpoint presents its username and authentication credentials (these are generated using 1.

its password) to the VCS, and the alias(es) with which it wishes to register

The VCS looks up the username in the LDAP database and obtains the authentication and alias 2.

information for that entry.

If the authentication credentials match those supplied by the endpoint, the registration will 3.

continue.

The VCS will then determine which alias(es) the endpoint will be allowed to attempt to register

with, based on the alias origin setting. For H.323 endpoints, you can use this setting to override

the aliases presented by the endpoint with those in the H.350 directory, or you can use them

in addition to the endpoint’s aliases. For SIP endpoints, you can use this setting to reject a

registration if the endpoint’s AOR does not match that in the LDAP database.

Alias Origin Setting

This setting determines the alias(es) with which the endpoint will attempt to register. The options

are as follows:

LDAP

The alias(es) presented by the endpoint will be used as long as they are listed in the LDAP

database for the endpoint’s username.

If an endpoint presents an alias that is listed in the LDAP database, it will be registered with that

•

alias.

If more than one alias is listed in the LDAP database for that username, the endpoint will be

•

registered with only those aliases that it has presented.

If an endpoint presents an alias that is not in the LDAP database, it will not be registered with

•

that alias.

If an endpoint presents more than one alias but none are listed in the LDAP database, it will not

•

be allowed to register.

If no aliases are presented by the endpoint, it will be registered with all the aliases listed in the

•

LDAP database for its username. (This is to allow for MCUs which additively register aliases

for conferences, for example the TANDBERG MPS (J4.0 and later) which registers ad-hoc

conferences.) (This applies to H.323 only).

If no aliases are listed in the LDAP database for the endpoint’s username, then the endpoint will

•

be registered with all the aliases it presented.

Combined

The alias(es) presented by the endpoint will be used in addition to any that are listed in the LDAP

database for the endpoint’s username. In other words, this is the same as for LDAP, with one

exception:

If an endpoint presents an alias that is not in the LDAP database, it will be allowed to register

•

with that alias.

Endpoint

The alias(es) presented by the endpoint will be used; any in the LDAP database will be ignored.

If no aliases are presented by the endpoint, it will not be allowed to register.

•

Conguring the LDAP

Server Directory

The directory on the LDAP

server should be congured

to implement the ITU H.350

specication [2] to store

credentials for devices with

which the VCS communicates.

The directory should also be

congured with the aliases

of endpoints that will register

with the VCS.

For instructions on

how to congure

common LDAP

servers, see the Appendix

LDAP Conguration.

Securing the LDAP Connection with TLS

The trafc between the VCS and the LDAP server can be

encrypted using Transport Layer Security (TLS).

To use TLS:

LDAP

•

Encryption must be set to TLS

the LDAP server must have a valid certicate installed,

•

verifying its identity

The VCS must trust the certicate installed on the LDAP

•

server.

For information on how to congure the VCS to trust the

certicate installed on the LDAP server, see the Security

section.

TLS can be difcult to congure, so we recommend that

you conrm that your LDAP database is working

correctly before you attempt to secure the connection

with TLS. We also recommend that you use a third party LDAP

browser to verify that your LDAP server is correctly congured to

use TLS.

previous next

Top Automotive Device Types

Top Automotive Brands

Top Baby Care Device Types

Top Baby Care Brands

Top Car Audio & Video Device Types

Top Car Audio & Video Brands

Top Cellphone Device Types

Top Cellphone Brands

Top Communications Device Types

Top Communications Brands

Top Computer Device Types

Top Computer Brands

Top Fitness Device Types

Top Fitness Brands

Top Home Audio Device Types

Top Home Audio Brands

Top Household Appliance Device Types

Top Household Appliance Brands

Top Kitchen Appliance Device Types

Top Kitchen Appliance Brands

Top Laundry Appliance Device Types

Top Laundry Appliance Brands

Top Lawn & Garden Device Types

Top Lawn & Garden Brands

Top Marine Equipment Device Types

Top Marine Equipment Brands

Top Musical Instrument Device Types

Top Musical Instrument Brands

Top Outdoor Cooking Device Types

Top Outdoor Cooking Brands

Top Personal Care Device Types

Top Personal Care Brands

Top Photography Device Types

Top Photography Brands

Top Portable Media Device Types

Top Portable Media Brands

Top Power Tools Device Types

Top Power Tools Brands

Top TV and Video Device Types

Top TV and Video Brands

Top Videogame Device Types

Top Videogame Brands

TANDBERG D14049.04 Network Card User Manual