Authentication using an ldap server, Configuring the ldap server directory, Securing the ldap connection with tls – TANDBERG D14049.01 User Manual


D 14049.01
07.2007

TANDBERG

VIDEO COMMUNICATION SERVER

ADMINISTRATOR GUIDE


Registration Control

Authentication

Authentication using an LDAP Server

If the VCS is using an LDAP server for authentication, the process is as follows:

1. The endpoint presents its username and authentication credentials (these are generated using its password) to the VCS, together with the alias(es) with which it wishes to register.
2. The VCS looks up the username in the LDAP database and obtains the authentication and alias information for that entry.
3. If the authentication credentials match those supplied by the endpoint, the registration will continue. The VCS will then determine which alias(es) the endpoint will be allowed to attempt to register with, based on the alias origin setting. For H.323 endpoints, you can use this setting to override the aliases presented by the endpoint with those in the H.350 directory, or you can use them in addition to the endpoint's aliases. For SIP endpoints, you can use this setting to reject a registration if the endpoint's AOR does not match that in the LDAP database.

Alias Origin Setting

This setting determines the alias(es) with which the endpoint will attempt to register.

LDAP

The alias(es) presented by the endpoint will be used as long as they are listed in the LDAP database for the endpoint's username.
- If an endpoint presents an alias that is listed in the LDAP database, it will be registered with that alias.
- If more than one alias is listed in the LDAP database for that username, the endpoint will be registered with only those aliases that it has presented.
- If an endpoint presents an alias that is not in the LDAP database, it will not be registered with that alias.
- If an endpoint presents more than one alias but none are listed in the LDAP database, it will not be allowed to register.
- If no aliases are presented by the endpoint, it will be registered with all the aliases listed in the LDAP database for its username. (This is to allow for MCUs which additively register aliases for conferences, for example the TANDBERG MPS (J4.0 and later) which registers ad-hoc conferences.)
- If no aliases are listed in the LDAP database for the endpoint's username, then the endpoint will be registered with all the aliases it presented.

Combined

The alias(es) presented by the endpoint will be used in addition to any that are listed in the LDAP database for the endpoint's username. In other words, this is the same as for LDAP, with one exception:
- If an endpoint presents an alias that is not in the LDAP database, it will be allowed to register with that alias.

Endpoint

The alias(es) presented by the endpoint will be used; any in the LDAP database will be ignored.
- If no aliases are presented by the endpoint, it will not be allowed to register.
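The three-step process and the alias origin rules above can be read as a small decision procedure. The following Python model is an added illustration, not TANDBERG code and not the VCS's implementation: the H.350 directory is a constructed in-memory dictionary, the credential check is a simple constant-time comparison rather than the H.235 exchange, and the two corner cases the text leaves open (neither endpoint nor directory lists any alias in LDAP or Combined mode, and whether Combined mode adds the directory's unpresented aliases) are handled as stated in the comments, which are assumptions to confirm against a real VCS.

```python
"""Model of the VCS LDAP-authenticated registration decision (added example).

Not TANDBERG code. DIRECTORY is a constructed stand-in for an H.350 LDAP
directory; a real VCS looks these entries up over LDAP.
"""
import hmac
from typing import List, Optional

# Constructed sample directory: username -> stored credential and listed aliases.
DIRECTORY = {
    "alice": {"credential": "alice-secret",
              "aliases": ["alice@example.com", "1001"]},
    "mcu":   {"credential": "mcu-secret",
              "aliases": ["conf1@example.com", "conf2@example.com"]},
    "bob":   {"credential": "bob-secret", "aliases": []},
}

REJECT = None  # returned when the registration is not allowed


def permitted_aliases(mode: str, presented: List[str],
                      ldap_aliases: List[str]) -> Optional[List[str]]:
    """Apply the Alias Origin rules; return the aliases to register, or REJECT."""
    if mode == "Endpoint":
        # Directory aliases are ignored; presenting none means no registration.
        return list(presented) if presented else REJECT
    if mode not in ("LDAP", "Combined"):
        raise ValueError(f"unknown alias origin mode: {mode!r}")
    if not presented:
        # Nothing presented: register with everything the directory lists
        # (the MCU case). Assumption: with nothing listed either, reject.
        return list(ldap_aliases) if ldap_aliases else REJECT
    if not ldap_aliases:
        # Nothing listed for this username: all presented aliases are used.
        return list(presented)
    if mode == "Combined":
        # Same as LDAP except that unlisted aliases are also allowed, so every
        # presented alias is kept. Assumption: unpresented directory aliases
        # are not added (the "same as LDAP with one exception" reading).
        return list(presented)
    # LDAP mode: keep only the presented aliases the directory lists.
    allowed = [alias for alias in presented if alias in ldap_aliases]
    # One or more aliases presented but none listed: registration refused.
    return allowed if allowed else REJECT


def register(mode: str, username: str, credential: str,
             presented: List[str]) -> Optional[List[str]]:
    """Steps 1-3: look up the user, check the credential, apply alias origin."""
    entry = DIRECTORY.get(username)
    if entry is None:
        return REJECT
    # Constant-time comparison so a mismatch is not distinguishable by timing.
    if not hmac.compare_digest(entry["credential"].encode(), credential.encode()):
        return REJECT
    return permitted_aliases(mode, presented, entry["aliases"])


if __name__ == "__main__":
    # A SIP endpoint whose AOR is not the one in the directory is refused
    # in LDAP mode, which is the check the text describes for SIP.
    print(register("LDAP", "alice", "alice-secret", ["carol@example.com"]))
    print(register("LDAP", "alice", "alice-secret", ["alice@example.com"]))
```

Running the model with the constructed directory shows each rule in the table: a presented alias that the directory lists survives, an unlisted one is dropped in LDAP mode but kept in Combined mode, an MCU presenting no aliases receives everything listed, and a bad credential or unknown username is refused before any alias logic runs.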

Registration Control

Configuring the LDAP Server Directory

The directory on the LDAP server should be configured to implement the ITU H.350 specification [2] to store credentials for devices with which the VCS communicates. The directory should also be configured with the aliases of endpoints that will register with the VCS.

For instructions on how to configure common LDAP servers, see the Appendix LDAP Configuration.

Securing the LDAP Connection with TLS

The traffic between the VCS and the LDAP server can be encrypted using Transport Layer Security (TLS). To use TLS:
- LDAP encryption must be set to TLS
- the LDAP server must have a valid certificate installed, verifying its identity
- the VCS must trust the certificate installed on the LDAP server.

For information on how to configure the VCS to trust the certificate installed on the LDAP server, see About security.

Note: TLS can be difficult to configure, so we recommend that you confirm that your LDAP database is working correctly before you attempt to secure the connection with TLS. We also recommend that you use a third party LDAP browser to verify that your LDAP server is correctly configured to use TLS.
