Upload File

cisco vcs authenticating accounts using ldap deployment ... · pdf fileas well as active...

  • Home
  • Documents
  • Cisco VCS Authenticating Accounts Using LDAP Deployment ... · PDF fileAs well as Active Directory, other LDAP accessible servers include Novell eDirectory and OpenLDAP. ... Invalid
Download Cisco VCS Authenticating Accounts Using LDAP Deployment ... · PDF fileAs well as Active Directory, other LDAP accessible servers include Novell eDirectory and OpenLDAP. ... Invalid

If you can't read please download the document

Upload: vanthuy

Post on 06-Feb-2018

225 views

Category:

Documents


1 download

Report

TRANSCRIPT

  • Authenticating Cisco VCS accounts using LDAP

    Cisco TelePresence Deployment Guide Cisco VCS X5.1

    D14526.03

    October 2010

  • Contents

    VCS Deployment Guide: Authenticating VCS accounts using LDAP (VCS X5.1) Page 2 of 21

    Contents Document revision history ....................................................................................................3

    Introduction ............................................................................................................................4 Usage ...................................................................................................................................................... 4

    Cisco VCS configuration .......................................................................................................5 Configure LDAP server details on Cisco VCS......................................................................................... 5

    Status messages on Login account LDAP configuration page........................................................ 7 Configure DNS server ............................................................................................................................. 8 Define groups on Cisco VCS................................................................................................................... 9

    Groups for administrator login.......................................................................................................... 9 Groups for user login...................................................................................................................... 10

    Define Groups in the AD or other authentication server ....................................................................... 10 Set login authentication to use remote database .................................................................................. 10

    Appendix 1 IT requisition (for access to authentication server) ..................................12

    Appendix 2 IT requisition (for group configuration) ......................................................13

    Appendix 3 Active Directory structure............................................................................14

    Appendix 4 Configuring groups in Active Directory......................................................16 Create a group object ............................................................................................................................ 16 Make a user a member of a group ........................................................................................................ 17

    Appendix 5 Troubleshooting............................................................................................18 Viewing / searching LDAP database ..................................................................................................... 18

    Windows......................................................................................................................................... 18 Unix / Linux..................................................................................................................................... 18

    Unable to log in after switching to remote authentication...................................................................... 18 AD Domain Users group fails to allow login........................................................................................ 18

    Appendix 6 Certificates for TLS.......................................................................................19

    Appendix 7 Use with Cisco VCS clusters .......................................................................20

  • Document revision history

    Document revision history The following table summarizes the changes that have been applied to this document.

    Revision Date Description

    1 December 2009 Initial release.

    2 March 2010 Updated for Cisco VCS X5.1.

    3 October 2010 New document styles applied.

    VCS Deployment Guide: Authenticating VCS accounts using LDAP (VCS X5.1) Page 3 of 21

  • Introduction

    Introduction With so many pieces of technology needing user credentials to log into them, it is easier and better to manage usernames and passwords centrally. This means that users can have a single set of sign on credentials managed by an Active Directory or other LDAP accessible server, rather than having to remember separate usernames and passwords for each device.

    The device being accessed, rather than looking up the username and password in its own internal database, contacts the LDAP accessible server to both authenticate the user and also to check whether that authenticated user belongs to a group that the device authorizes to perform the functionality requested.

    Using a central login credential database also allows the company to define policies for passwords, such as the replacement interval, level of complexity and so on, and be sure that it applies to passwords for all systems.

    As well as Active Directory, other LDAP accessible servers include Novell eDirectory and OpenLDAP.

    This document describes how to configure the Cisco TelePresence Video Communication Server (Cisco VCS) to authenticate login accounts over LDAP.

    LDAP authentication and authorization is used for web login to the Cisco VCSs Administrator and User (FindMe) accounts. Other logins, including serial, Telnet and SSH continue to use the admin account configured on the Cisco VCS.

    Usage As an operator you will need to:

    have users, together with passwords, configured in the LDAP accessible server

    configure groups in the LDAP accessible server which define capabilities of the users

    associate users with groups in the LDAP accessible server

    configure Cisco VCS for LDAP operation A user, logging in to the Cisco VCS for administrator access or to configure FindMe (depending on how the Cisco VCS has been configured) will be authenticated using the LDAP server credentials. Both username and password are case sensitive.

    VCS Deployment Guide: Authenticating VCS accounts using LDAP (VCS X5.1) Page 4 of 21

  • Cisco VCS configuration

    Cisco VCS configuration

    Configure LDAP server details on Cisco VCS 1. Go to the Login account DAP configuration page (Maintenance > Login accounts > LDAP

    configuration).

    2. Configure the following fields so that the Cisco VCS can connect to the LDAP server to

    authenticate login accounts and check group membership (you can use the questionnaire in Appendix 1 IT requisition (for access to authentication server) to get the appropriate information from your IT department):

    Server address Fully Qualified Domain Name of the LDAP server (case insensitive) or the IP address of the LDAP server.

    FQDN address resolution

    Address Record: if the Server address above is not an IP address, look the value up as an IPv4 DNS A record, or an IPv6 DNS AAAA record. SRV Record: if the Server address above is not an IP address, look the value up as a DNS SRV record.

    Port IP port to use on the LDAP server, typically 389 if encryption is off, and 636 if encryption is set to TLS.

    Encryption If the LDAP server supports TLS encryption, set this to TLS, otherwise set it to Off. Note: if encryption is set to TLS, a valid CA certificate, private key and server certificate must be uploaded to Cisco VCS in the Security certificates page (Maintenance > Security certificates).

    Certificate revocation list (CRL) checking

    Only applicable if Encryption is TLS. None: CRLs are not to be checked. Peer: only the CRL directly associated with the Certificate Authority that issued the LDAP servers certificate is checked. All: CRLs of all the Certificate Authorities in the trust chain of the LDAP servers certificate are checked.

    VCS Deployment Guide: Authenticating VCS accounts using LDAP (VCS X5.1) Page 5 of 21

  • Cisco VCS configuration

    VCS bind DN cn=, ou= and dc= definition of the account object that will allow the Cisco VCS to query the database (case insensitive) See Appendix 3 Active Directory structure.

    VCS bind password

    Password of the account object that the Cisco VCS will use to query the database (case sensitive).

    SASL Enable Simple Authentication and Security Layer if it is company policy to do so.

    VCS bind username

    Username of the account that the Cisco VCS will use to log in to the LDAP server (case sensitive). Only required if SASL is enabled configure this to be the sAMAccountName; Security Access Manager Account Name (in AD this is the Accounts user logon name).

    Base DN for accounts

    ou= and dc= definition of the Distinguished Name where a search for user accounts should start in the database structure (case insensitive). This is for authentication of both administrator login and user login requests.

    Base DN for groups

    ou= and dc= definition of the Distinguished Name where a search for groups should start in the database structure (case insensitive). This is for authorization of an authenticated user to log in as an administrator or to log in to a user account.

    Note:

    The Cisco VCS Bind account is usually a read-only account with no special privileges.

    The Base DN for accounts and groups must be at or below the dc level (include all dc= values and ou= values if necessary). LDAP authentication does not look into sub dc accounts, only lower ou= and cn= levels.

    For example, using the values from Appendix 3 Active Directory structure:

    Server address servercluster1.corporation.int

    FQDN address resolution

    SRV Record

    Port


Www.novell.com Using ACLs in LDAP: Creating a Secure eDirectory Infrastructure Mike Richichi Assistant Director of Academic Technology, Drew University

Apache LDAP Configurationlawrencekearney.com/files/SUSECON_2013_Apache_LDAP_Configuration_for... · Apache LDAP Configuration using Novell Edirectory® and Microsoft Active Directory®

MDB: A Memory-Mapped Database and Backend for OpenLDAP · S Y M S The LDAP guys. TM A MDB: A Memory-Mapped Database and Backend for OpenLDAP Howard Chu CTO, Symas Corp. [email protected]

Www.novell.com Using ACLs in LDAP: Creating a Secure Novell eDirectory ™ Infrastructure Mike Richichi Assistant Director of Academic Technology Drew University

Linux Technology Center 18 April 2003 © 2003 IBM LDAP Content Synchronization Kurt D. ZeilengaJong Hyuk Choi OpenLDAP ProjectIBM Research Title slide

NDK: LDAP and eDirectory Integration · 1.1.1 eCommerce Beans The eCommerce beans provide easy-to-use Java components to integrate Web applications using LDAP. 1.1.2 LDAP Libraries

L308881A OpenD TB v5 - Apple · Open Directory Apple’s standards-based directory and network authentication services architecture. Features Scalable LDAP directory server • OpenLDAP

OpenLDAP Directory Administration LDAP Interoperability

NDK: LDAP and eDirectory Integration · 8 NDK: LDAP and eDirectory Integration 1.1.1 eCommerce Beans The eCommerce beans provide easy-to-use Java components to integrate Web applications

Novell iPrint and PaperCut Comprehensive Enterprise Print ... · print management by directly integrating with Novell iPrint and providing native support for Novell eDirectory LDAP

OpenLDAP 2.0 Administrator's Guide - uvm.edufcs/Doc/OpenLDAP/admin-guide.pdf · The OpenLDAP Project would also like to thank the University of Michigan LDAP for building the foundation

Apache LDAP Configuration - SUSE · PDF fileApache LDAP Configuration using Novell Edirectory® and Microsoft Active Directory® for the Neanderthal Lawrence Kearney Advisor for Higher

Linux Single Sign On Server...Linux Single Sign On Server OpenLDAP OpenLDAP merupakan server Lightweight Directory Access Protocol (LDAP) yang biasa digunakan sebagai buku alamat atau

Pulse Connect Secure Supported Platforms Guide€¦ · LDAP using Microsoft Active Directory Windows 2012 R2 Windows 2003 Windows 2008 R2 LDAP using Novell eDirectory Novell Client

LDAP Servers and Applications - HUMBUGquark.humbug.org.au/publications/ldap/ldap-apps-sageau... · 2010. 7. 8. · University of Michigan OpenLDAP iPlanet/SunONE Directory Server

LDAP and OpenLDAP

Sistema de correo con Postfix, OpenLDAP, Courier …es.tldp.org/Manuales-LuCAS/doc-tutorial-postfix-ldap-courier-spam... · Sistema de correo con Postfix, OpenLDAP, Courier ((POP3&&IMAP)

OpenLDAP, Main Page - The LDAP Schema Registry and its ...The LDAP Schema Registry and its requirements on Slapd development OpenLDAP Developers' Day San Francisco 21 March 2003 Peter

Apache LDAP Configurationlawrencekearney.com/files/TTP_APAC_2013_Apache_LDAP... · 2013-12-17 · Managing an Enterprise Series Apache LDAP Configuration using Novell Edirectory®

Www.novell.com Introduction to the Hot New LDAP Features in Novell eDirectory ™ 8.7 Gary L. Anderson Senior Development Manager Novell, Inc. [email protected]

LDAP and OpenLDAP - Oav.net · LDAP and OpenLDAP (on the Linux Platform) March 21, ... wide range of Open Source related ... This is also the home page for the following LDAP related

OpenLDAP– Supported LDAP version 2 • Release 2.0 2000/08/31 – 2002/09/22 – Introduced LDAP version 3 support – Added security with SASL and SSL/TLS • Release 2.1 2002/06/09

LDAP and OpenLDAP - Telecom SudParis

OpenLDAP Directory Administration OpenLDAP

OpenLDAP · –Supported LDAP version 2 • Release 2.0 2000/08/31 – 2002/09/22 –Introduced LDAP version 3 support –Added security with SASL and SSL/TLS • Release 2.1 2002/06/09

Introduction aux annuaires LDAP avec OpenLDAP · p ldap-git-backup - Back up LDAP database in an Git repository p ldap-utils - OpenLDAP utilities p ldapscripts - Add and remove users

SonicOS Enhanced 3.2 LDAP Integration with Microsoft ... · Microsoft Active Directory and Novell eDirectory Support Document Scope This document describes the integration of SonicOS

The LDAP guys. Life After BerkeleyDB: OpenLDAP's ......The LDAP guys. TM A Background API Inspired by Berkeley DB (BDB) OpenLDAP has used BDB extensively since 1999 Deep experience

Novell OpenLDAP Configurationgoprintsupport.com/Novell_LDAP.pdf · Novell LDAP 11 Scenario #1 – Single group membership The following strings are Microsoft Active Directory examples;

NDK: LDAP and eDirectory Integration - novell.com · 3 LDAP Event Services 53 ... LDAP and eDirectory Integration LDAP Return Codes ... statements to access eDirectory or Novell Directory

Diapositive 1support.aastra.fr/extra/Sales/_presales/files_en/02-LDAP... · PPT file · Web view2008-12-01 · OpenLDAP Directory Product presentation September 2008 Aastra 5000

Linux Authentication using LDAP and eDirectory To provide a guide to implent Linux authentication against eDirectory (no local users) based on PAM and LDAP. Authentication scheme Recommendations

LDAP Directory on Yealink IP Phones Introductiondownload.support.yealink.com/download?path=upload... · This guide provides configurations on the LDAP server and IP ... The OpenLDAP

SonicOS Enhanced 3.2 LDAP Integration with Microsoft ...software.sonicwall.com/firmware/beta/documentation/Config_LDAP... · 1 SonicOS Enhanced 3.2 LDAP Integration with eDirectory

Pulse Connect Secure Supported Platforms Guide...LDAP using Sun ONE iPlanet Server Sun ONE Directory Server 5.2 LDAP (other standards-compliant servers) OpenLDAP 2.3.27 Authentication