11-21-2009 09:05 AM
01-19-2010 10:41 AM
Avi,
I was trying to figure this out myself last night and got it working (sort of).
Note: I'm not an LDAP expert or an AD expert so anyone feel free to correct me if I'm wrong. I would love to get this working better.
It appears how the authentication takes place is the media server performs a simple bind with the LDAP server using the username and password provided on the login page. If the bind is successful then the user is authenticated. I don't know if this is true or not but I ran across a post last night that said in AD you can only bind using the cn. For AD that equates to "Andrew Osborne" in my case. In VSOM you then have to set up the user account so that the user name matches exactly the cn in AD so my username in VSOM is "Andrew Osborne".
How I configured it to work was:
- From the Video Surveillance Management Console select "Operations Manager" on the left side.
- Change the Authentication Type from Application Database to LDAP Server.
- Put in the hostname of the LDAP server. (I just put the IP address of my AD server)
- Enter the host port. (I just put in 389)
- For the Relative Distinguished Name use something like "cn=%username%,OU=VSOM,OU=Users"
  - cn=%username% <- uses the username from the login page
  - OU=VSOM,OU=Users <- this needs to change to the OU where your VSOM users are.
- Domain Controllers needs to be something like "DC=cisco,DC=com" to match your domain
- Make sure you click on the Update button
Back in VSOM:
- Go to the Users page
- Then when you add or edit a user you have the option to select "Local Password" or "LDAP"
- Enter the username to match the AD cn which in my case was "Andrew Osborne"
- Select LDAP
- Enter the first name and last name. These are locally significant.
- Select any other options you need.
- Finally select submit.
After doing this I was able to log in using the same password that I have in AD but not the same username. If anyone has a different method to get VSOM to authenticate using the same username as in AD that would be great.
Good luck.
03-31-2010 01:46 PM
Thanks for the great description Andrew,
I had to make one minor change to your explanation to get it to work for me:
"- For the Relative Distinguished Name use something like "cn=%username%,OU=VSOM,OU=Users""
- For this I used "CN=%username%,CN=Users"
- This change made it work for me.
I agree that I would prefer to use the login name (i.e. bsmith) rather than the CN (i.e. Bob Smith).
I am waiting for Cisco TAC to let me know if there is a fix or workaround for this.
I will update this post if I find anything.
Thanks again!
04-07-2010 05:13 AM
Also thanks Andrew
But how about this variation? What would you put in the RDN field if your users span multiple OUs, e.g. they are in both a security group and an HR group? Any way to specify multiple OUs? Any suggestions appreciated.
04-07-2010 09:20 AM
Update:
I have spoken with TAC again.
They say you cannot change the attribute that is queried by VSOM. It uses the CN, so you have to change the user's CN to bsmith (rather than Bob Smith).
04-07-2010 10:35 AM
Hello,
We have been working with VSOM for a while now and using LDAP for authentication. Our settings are:
RDN: %username%
Delimiter: @
DC: yourdomain.com
Port: 389
Host Name: IP of your DC
VSOM will search the entire OU structure to find a match. If you need to specify security (what cameras they can or cannot see) you will need to do this in VSOM.
04-16-2010 11:28 AM
I just got this working with a Sun Java LDAP Directory Server v6. I used the following config to do it:
Host Name: dns/ip name of your LDAP server
Host Port: 389
RDN: uid=%username%,OU=People (uid can be whatever attribute you want to bind against, OU=People is whatever OU your LDAP server has your users in)
DC: DC={enter your TLD here}, DC={enter your domain suffix here}
That will bind to the Sun LDAP directory server using the username/password you enter into the VSOM login page.
--greg
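Added example (not part of any post in this thread, and not Cisco's code): a Python sketch of how a bind-based login like the one described above could turn the RDN, Delimiter and DC fields plus the typed username into the name used for the simple bind, with the two checks such a login needs: refusing empty passwords and escaping the username before it enters a DN. The function names, the "RDN + delimiter + DC" joining rule, the default "," delimiter and the `DC=example,DC=com` value are assumptions made for illustration.

```python
# Added example. The "RDN + delimiter + DC" joining rule is an assumption
# about how the fields in this thread combine, not documented VSOM behaviour.

def escape_dn_value(value: str) -> str:
    """Escape a string for use as an attribute value inside a DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in '"+,;<>\\' or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def build_bind_name(rdn_template, dc, username, password, delimiter=","):
    """Return the name a simple bind would be attempted with, or raise."""
    # RFC 4513 section 5.1.2: a name with an empty password is an
    # "unauthenticated bind", which some servers answer with success.
    # Treating "bind succeeded" as "user authenticated" requires refusing it.
    if not username or not password:
        raise ValueError("username and password must both be non-empty")
    if "=" in rdn_template:
        # DN-style template: the login name becomes an attribute value.
        user = escape_dn_value(username)
    else:
        # UPN-style template (user@domain): refuse separators outright.
        if any(c in username for c in "@\\/"):
            raise ValueError("separator character in username")
        user = username
    return rdn_template.replace("%username%", user) + delimiter + dc


if __name__ == "__main__":
    # Constructed inputs modelled on the three configurations in the thread.
    samples = [
        ("cn=%username%,OU=VSOM,OU=Users", "DC=cisco,DC=com", "Andrew Osborne", ","),
        ("%username%", "yourdomain.com", "bsmith", "@"),
        ("uid=%username%,OU=People", "DC=example,DC=com", "greg", ","),
        ("cn=%username%,OU=VSOM,OU=Users", "DC=cisco,DC=com", "x,OU=Admins", ","),
    ]
    for template, dc, user, delim in samples:
        print(build_bind_name(template, dc, user, "constructed-password", delim))
```

The last sample shows why the escaping matters: the comma in the typed name is emitted as `\,`, so it stays inside the cn value instead of adding an extra OU component to the bind DN.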