Securing with tls, Openldap, Prerequisites – Tandberg Data N3 User Manual


TANDBERG Gatekeeper User Manual

commUniqueId: comm1
h323Identityh323-ID: MeetingRoom1
h323IdentitydialedDigits: 626262
h235IdentityEndpointID: meetingroom1
h235IdentityPassword: mypassword

Add the ldif file to the server using the command:

ldifde -i -c DC=X <ldap_base> -f filename.ldf

This will add a single H.323 endpoint with an H.323 Id alias of MeetingRoom1 and an E.164
alias of 626262. The entry also has H.235 credentials of id meetingroom1 and password
mypassword which are used during authentication.

7.1.3 Securing with TLS

To enable Active Directory to use TLS, you must request and install a certificate on the Active
Directory server. The certificate must meet the following requirements:

Be located in the Local Computer's Personal certificate store. This can be seen using the
Certificates MMC snap-in.

Have a private key associated with it that is stored locally. When viewing the certificate
you should see a message saying "You have a private key that corresponds to this
certificate".

Have a private key that does not have strong private key protection enabled. This is an
attribute that can be added to a key request.

Have an Enhanced Key Usage extension that includes the Server Authentication object
identifier. Again, this forms part of the key request.

Issued by a CA that both the domain controller and the client trust.

Include the Active Directory fully qualified domain name of the domain controller in the
common name in the subject field and/or the DNS entry in the subject alternative name
extension.
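
One way to check most of these requirements on the Active Directory server, as an added example that is not part of the original manual: the PowerShell script below lists each certificate in the Local Computer's Personal store and reports whether it has a private key, carries the Server Authentication EKU, names the domain controller, and chains to a CA trusted by this machine. The `$DcFqdn` parameter and its default `dc01.example.com` are placeholders; strong private key protection and trust on the client side are not checked.

```powershell
# Added example: audit Local Computer\Personal certificates against the
# requirements listed above. Run on the Active Directory server.
# $DcFqdn is a placeholder; pass the domain controller's real FQDN.
param([string]$DcFqdn = 'dc01.example.com')

# Object identifier of the Server Authentication enhanced key usage.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'
$ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]

Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_

    # Requirement: Enhanced Key Usage includes Server Authentication.
    $ekuExt = $cert.Extensions | Where-Object { $_ -is $ekuType }
    $hasServerAuth = [bool]($ekuExt -and
        ($ekuExt.EnhancedKeyUsages | Where-Object { $_.Value -eq $serverAuthOid }))

    # Requirement: FQDN appears in the subject common name and/or a SAN DNS entry.
    # DnsNameList is added by PowerShell's certificate provider and holds both.
    $names = @($cert.DnsNameList | ForEach-Object { $_.Unicode })
    $nameMatch = $names -contains $DcFqdn   # exact, case-insensitive match

    # Requirement: issued by a CA this machine trusts. Revocation lookups are
    # skipped so the result reflects trust only. Clients must trust the CA too;
    # that has to be verified on the client.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $trusted = $chain.Build($cert)

    # Strong private key protection is chosen at request time and is not
    # inspected here; HasPrivateKey only confirms that a key is associated.
    [pscustomobject]@{
        Thumbprint      = $cert.Thumbprint
        Subject         = $cert.Subject
        HasPrivateKey   = $cert.HasPrivateKey
        ServerAuthEku   = $hasServerAuth
        NameMatchesFqdn = $nameMatch
        ChainTrusted    = $trusted
    }
} | Format-Table -AutoSize
```

A certificate suitable for TLS should show True in all four check columns.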

7.2 OpenLDAP

7.2.1 Prerequisites

These instructions assume that an OpenLDAP server has already been installed. For details
on installing OpenLDAP see the documentation at http://www.openldap.org.

The following examples use a standard OpenLDAP installation on the Linux platform. For
installations on other platforms the location of the OpenLDAP configuration files may be
different. See the OpenLDAP installation documentation for details.

7.2.2 Installing the H.350 schemas

The following ITU specifications describe the schemas which are required to be installed on
the LDAP server:

H.350: Directory services architecture for multimedia conferencing - An LDAP schema to
represent endpoints on the network.

H.350.1: Directory services architecture for H.323 - An LDAP schema to represent H.323
endpoints.
