<ldap_base> is the base DN for your Active Directory server.
Adding H.350 objects
Create the organizational hierarchy:
1. Open up the Active Directory Users and Computers MMC snap-in.
2. Under your BaseDN right-click and select New Organizational Unit.
3. Create an Organizational unit called h350.
It is good practice to keep the H.350 directory in its own organizational unit to separate out H.350 objects
from other types of objects. This allows access controls to be set up which only allow the VCS read access
to the BaseDN and therefore limit access to other sections of the directory.
Add the H.350 objects:
1. Create an ldif file with the following contents:
# MeetingRoom1 endpoint
dn: commUniqueId=comm1,ou=h350,DC=X
objectClass: commObject
objectClass: h323Identity
objectClass: h235Identity
objectClass: SIPIdentity
commUniqueId: comm1
h323Identityh323-ID: MeetingRoom1
h323IdentitydialedDigits: 626262
h235IdentityEndpointID: meetingroom1
h235IdentityPassword: mypassword
SIPIdentityUserName: meetingroom1
SIPIdentityPassword: mypassword
SIPIdentitySIPURI: sip:MeetingRoom@X
2. Add the ldif file to the server using the command:
ldifde -i -c DC=X <ldap_base> -f filename.ldf
where:
<ldap_base> is the base DN of your Active Directory Server.
The example above will add a single endpoint with an H.323 ID alias of MeetingRoom1, an E.164 alias of 626262 and a SIP URI of MeetingRoom@X. The entry also has H.235 and SIP credentials of ID meetingroom1 and password mypassword which are used during authentication.
H.323 registrations will look for the H.323 and H.235 attributes; SIP will look for the SIP attributes. Therefore,
if your endpoint is registering with just one protocol, you do not need to include elements relating to the other.
Note: the SIP URI in the ldif file must be prefixed by sip:.
For information about what happens when an alias is not in the LDAP database see Source of aliases for registration in the Using an H.350 directory service lookup via LDAP [p.120] section.
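A pre-import check for the LDIF file described above, as an added example that is not part of the guide: it flags entries outside the h350 OU, SIP URIs without the sip: prefix, an ID supplied without its password (or the reverse), and the guide's sample password left in place. The function names, the second sample entry (comm2, ou=rooms) and the credential-pair rule are assumptions made for illustration.

```python
# Added example, not from the guide. SAMPLE is constructed; comm2/ou=rooms are made up.
SAMPLE = """\
dn: commUniqueId=comm1,ou=h350,DC=X
objectClass: commObject
objectClass: h323Identity
objectClass: h235Identity
commUniqueId: comm1
h323Identityh323-ID: MeetingRoom1
h235IdentityEndpointID: meetingroom1
h235IdentityPassword: mypassword

dn: commUniqueId=comm2,ou=rooms,DC=X
objectClass: commObject
objectClass: SIPIdentity
commUniqueId: comm2
SIPIdentityUserName: meetingroom2
SIPIdentitySIPURI: MeetingRoom2@X
"""

def parse_ldif(text):
    """One dict per entry (lower-cased attr -> values); assumes no base64 or folded lines."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if not line.startswith("#") and ":" in line:
                attr, value = line.split(":", 1)
                entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def lint_entry(entry, ou="ou=h350", sample_passwords=("mypassword",)):
    """Return (dn, problems) for one entry."""
    dn, problems = entry.get("dn", [""])[0], []
    if ou not in [part.strip() for part in dn.lower().split(",")]:
        problems.append("dn is outside " + ou)
    if any(not u.startswith("sip:") for u in entry.get("sipidentitysipuri", [])):
        problems.append("SIP URI lacks the sip: prefix")
    for ident, pw in (("h235identityendpointid", "h235identitypassword"),
                      ("sipidentityusername", "sipidentitypassword")):
        if (ident in entry) != (pw in entry):  # assumption: ID and password travel together
            problems.append("credential pair incomplete: " + ident + "/" + pw)
        if any(p in sample_passwords for p in entry.get(pw, [])):
            problems.append("documentation sample password in " + pw)
    return dn, problems

def lint(text):
    return [lint_entry(e) for e in parse_ldif(text)]
```

Run lint() on the file contents before ldifde -i and import only when every entry returns an empty problem list.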
Securing with TLS
To enable Active Directory to use TLS, you must request and install a certificate on the Active Directory
server. The certificate must meet the following requirements:
Cisco VCS Administrator Guide (X8.1.1)
Reference material
LDAP server configuration for device authentication