I was trying to figure this out myself last night and got it working (sort of).
Note: I'm not an LDAP expert or an AD expert, so anyone feel free to correct me if I'm wrong. I would love to get this working better.
It appears that the way authentication takes place is that the media server performs a simple bind with the LDAP server using the username and password provided on the login page. If the bind is successful, then the user is authenticated. I don't know if this is true or not, but I ran across a post last night that said in AD you can only bind using the cn. For AD that equates to "Andrew Osborne" in my case. In VSOM you then have to set up the user account so that the username matches the cn in AD exactly, so my username in VSOM is "Andrew Osborne".
How I configured it to work was:
- From the Video Surveillance Management Console select "Operations Manager" on the left side.
- Change the Authentication Type from Application Database to LDAP Server.
- Put in the hostname of the LDAP server. (I just put the IP address of my AD server)
- Enter the host port. (I just put in 389)
- For the Relative Distinguished Name use something like "cn=%username%,OU=VSOM,OU=Users"
  - cn=%username% <- uses the username from the login page
  - OU=VSOM,OU=Users <- this needs to change to the OU where your VSOM users are.
- Domain Controllers needs to be something like "DC=cisco,DC=com" to match your domain
- Make sure you click on the Update button
Back in VSOM:
- Go to the Users page
- Then, when you add or edit a user, you have the option to select "Local Password" or "LDAP"
- Enter the username to match the AD cn which in my case was "Andrew Osborne"
- Select LDAP
- Enter the first name and last name. These are locally significant.
- Select any other options you need.
- Finally, select Submit.
After doing this I was able to log in using the same password that I have in AD but not the same username. If anyone has a different method to get VSOM to authenticate using the same username as in AD that would be great.
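Added example (not part of the original post and not Cisco's code): a Python sketch of how a bind DN is assembled from the settings above, with RFC 4514 escaping of the typed username and a refusal of empty passwords, which RFC 4513 treats as an unauthenticated bind that a server may accept. It assumes the RDN template and the domain-components field are joined with a comma; the function names are hypothetical.

```python
# Added example: builds the DN used for the simple bind from the settings in the post.
# Assumption: the RDN template and the domain-components field are joined with a comma.

RDN_TEMPLATE = "cn=%username%,OU=VSOM,OU=Users"   # value from the post
DOMAIN_COMPONENTS = "DC=cisco,DC=com"             # value from the post

_SPECIAL = set('"+,;<>\\')   # RFC 4514: must be escaped anywhere in a value


def escape_dn_value(value: str) -> str:
    """Escape an attribute value for use inside a DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in _SPECIAL:
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        elif ch == "#" and i == 0:
            out.append("\\#")          # leading '#' would mean a hex-encoded value
        elif ch == " " and i in (0, last):
            out.append("\\ ")          # leading/trailing spaces are significant
        else:
            out.append(ch)
    return "".join(out)


def build_bind_dn(username: str, password: str) -> str:
    """Return the bind DN for a login; raise ValueError for input that must not be bound."""
    if not username.strip():
        raise ValueError("empty username")
    # A simple bind with a DN and an empty password is an "unauthenticated bind";
    # if "bind succeeded" means "logged in", this case has to be rejected first.
    if password == "":
        raise ValueError("empty password")
    rdn = RDN_TEMPLATE.replace("%username%", escape_dn_value(username))
    return rdn + "," + DOMAIN_COMPONENTS


if __name__ == "__main__":
    print(build_bind_dn("Andrew Osborne", "constructed-password"))
    print(build_bind_dn("Osborne, Andrew", "constructed-password"))
```

With port 389 and a simple bind, the password crosses the network unencrypted unless the connection is protected by TLS.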
But how about this variation? What would you put in the RDN field if your users span multiple OUs, e.g. they are in both a security group and an HR group? Is there any way to specify multiple OUs? Any suggestions appreciated.