Microsoft active directory, Prerequisites, Installing the h.350 schemas – TANDBERG D14049.01 User Manual

Page 181: Adding H.350 objects, Securing with TLS, LDAP configuration


D 14049.01
07.2007


TANDBERG

VIDEO COMMUNICATION SERVER

ADMINISTRATOR GUIDE


Appendices

LDAP Configuration

Adding H.350 Objects

Create the Organizational Hierarchy

Open up the Active Directory Users and Computers MMC snap-in.
Under your BaseDN right-click and select New Organizational Unit.
Create an Organizational unit called h350.

It is good practice to keep the H.350 directory in its own
organizational unit to separate out H.350 objects from
other types of objects. This allows access controls to be
set up which only allow the VCS read access to the BaseDN and
therefore limit access to other sections of the directory.

Add the H.350 Objects

Create an ldif file with the following contents:

# MeetingRoom1 endpoint
dn: commUniqueId=comm1,ou=h350,DC=X
objectClass: commObject
objectClass: h323Identity
objectClass: h235Identity
commUniqueId: comm1
h323Identityh323-ID: MeetingRoom1
h323IdentitydialedDigits: 626262
h235IdentityEndpointID: meetingroom1
h235IdentityPassword: mypassword

Add the ldif file to the server using the command:

ldifde -i -c DC=X <ldap_base> -f filename.ldf

where:

<ldap_base> is the base DN of your Active Directory Server.

The example above will add a single H.323 endpoint with an
H.323 Id alias of MeetingRoom1 and an E.164 alias of 626262.

The entry also has H.235 credentials of id meetingroom1 and
password mypassword which are used during authentication.

Prerequisites

These step-by-step instructions assume that Active Directory
has already been installed. For details on installing Active
Directory please consult your Windows documentation.
The following instructions are for Windows Server 2003
Enterprise Edition. If you are not using this version of Windows,
your instructions may vary.

Securing with TLS

To enable Active Directory to use TLS, you must request and install a certificate on the Active Directory server. The certificate must
meet the following requirements:

Be located in the Local Computer’s Personal certificate store. This can be seen using the Certificates MMC snap-in.
Have the private key associated for use with it stored locally. When viewing the certificate you should see a message saying “You have a private key that corresponds to this certificate”.
Have a private key that does not have strong private key protection enabled. This is an attribute that can be added to a key request.
Have an Enhanced Key Usage extension that includes the Server Authentication object identifier. Again, this forms part of the key request.
Be issued by a CA that both the domain controller and the client trust.
Include the Active Directory fully qualified domain name of the domain controller in the common name in the subject field and/or the DNS entry in the subject alternative name extension.

To configure the VCS to use TLS on the connection to the LDAP server you must upload the CA’s certificate as a trusted CA
certificate. This can be done on the VCS by navigating to:

Maintenance > Security.
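
The certificate requirements listed above can be audited on the domain controller before pointing the VCS at it. The following PowerShell is an added example, not part of the TANDBERG guide: it assumes PowerShell 3.0 or later, `dc01.example.com` is a placeholder FQDN, and it does not inspect the strong private key protection attribute.

```powershell
# Added example: audit Local Computer\Personal certificates against the
# requirements listed above. Run on the domain controller.
param(
    [string]$DcFqdn = 'dc01.example.com'   # assumption: placeholder, use your DC's FQDN
)
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'       # Server Authentication EKU object identifier

Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_

    # Requirement: Enhanced Key Usage extension includes Server Authentication
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $hasServerAuth = $false
    if ($eku) {
        $hasServerAuth = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) -contains $ServerAuthOid
    }

    # Requirement: DC FQDN in the subject common name and/or a SAN DNS entry
    $cn = $cert.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
    $names = @($cn) + @($cert.DnsNameList | ForEach-Object { $_.Unicode })
    $nameMatch = $names -contains $DcFqdn

    # Requirement: issued by a CA this machine trusts (revocation is not checked here)
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $trusted = $chain.Build($cert)

    # Requirement: private key stored locally is reported by HasPrivateKey
    [pscustomobject]@{
        Thumbprint    = $cert.Thumbprint
        HasPrivateKey = $cert.HasPrivateKey
        ServerAuthEku = $hasServerAuth
        NameMatchesDc = $nameMatch
        ChainTrusted  = $trusted
        Usable        = $cert.HasPrivateKey -and $hasServerAuth -and $nameMatch -and $trusted
    }
} | Format-Table -AutoSize
```

A row with Usable set to True meets the checks that can be made from the certificate store; the VCS side of the trust requirement is still met separately by uploading the CA's certificate as described above.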




Microsoft Active Directory

Installing the H.350 Schemas

Once you have downloaded the H.350 schemas, install them as follows:

Open a command prompt and for each file execute the following
command:

ldifde -i -c DC=X <ldap_base> -f filename.ldf

where:

<ldap_base> is the base DN for your Active Directory server.
