I was wondering, if I were to configure VCS to do LDAP authentication while using an Active Directory as LDAP, which passwords would it be using? Will it authenticate against the domain password or will I need to fill in a separate password attribute (which would be cleartext)?
Hello Eli -
Are you referring to user accounts (such as admin accounts that log in to the VCS), or to devices (such as endpoints)?
If you're talking about authenticating user accounts, then it will use your AD username/password.
If you're talking about authenticating devices/endpoints, then it will use fields in your LDAP that are created by schemas that you download from the VCS and install to your LDAP directory.
I am actually talking about endpoint authentication.
Is it possible to use LDAP (H.350) authentication against an AD and use the user domain password for authentication? That is, I do not want to store the password as an attribute but rather have VCS bind to LDAP with the proposed user/password to see whether the user exists or not. Same way as it is done by the LDAP module on Apache for instance.
You would need to enter the password for the bind user you need. For the password challenge you can choose between:
In addition to the password challenge you could run an encrypted SSL tunnel for the whole LDAP communication. For this you'll need a certificate trust between VCS and LDAP.
Additional information can be found here: http://www.cisco.com/c/dam/en/us/td/docs/telepresence/infrastructure/vcs/config_guide/Cisco_VCS_Authenticating_Devices_Deployment_Guide_X7-2.pdf