Admins – Active Directory Integration

Vidyo offers a number of ways to provision and manage users in your institution that will be using Vidyo. These include:

  • Local management – users are added and managed individually or through a CSV file upload
  • LDAP – Use an LDAP compliant Directory Service (including Active Directory) to handle these tasks
  • Web Service
  • SAML

This page is concerned with the LDAP option.

Vidyo publishes detailed guidance on how to do this in the VidyoConferencing Administrator Guide, in Chapter 10, “Managing users as the Tenant Admin”.

TENET is grateful to the ITS team at UCT who have kindly shared their experience in getting Active Directory set up to manage users on the UCT Vidyo Tenant. You can view a recording of the Vidyo meeting where Leon Liebenberg took us through the process.

The process turns out to be quite simple. UCT already had a service running that they use for other authentication needs, so the URL for that is in the URL field:

ldaps://msldap.uct.ac.za:636/

The BIND DN or username is:

CN=vidyo integration,ou=services,dc=wf,dc=uct,dc=ac,dc=za

with an appropriate password.

Then Search base:

dc=wf,dc=uct,dc=ac,dc=za

and Filter template:

samaccountname=<>

They opted for the Subtree option in the “Scope” set of Radio Buttons.

Looking then at LDAP Attributes Mapping, they made the following entries:

| Portal Attribute Name | LDAP Attribute Name | Default Value |
|---|---|---|
| User Name | samaccountname | |
| User Type | | Normal |
| Display Name | displayname | |
| E-Mail Address | mail | uct.ac.za |
| Extension | | |
| Group | | Default |
| Description | | LDAP Provisioned User |
| Proxy | | vr-vm1-cpt1 VE Proxy |
| Location Tag | | Tenet_South_Users |

Other institutions will need to adjust the last two entries according to the part of the TENET Vidyo infrastructure that is most appropriate for them. Please refer to this list for information on what to put in these two fields.

They have restricted LDAP provisioned accounts to “Normal” Vidyo accounts. Admin, Operator and Room-based accounts will still be manually provisioned.

One issue to be aware of is that your LDAP server must be able to communicate with the TENET VidyoPortal on 196.24.243.133, so you will need to check your firewall setup.
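Before entering these values in the portal, it is worth confirming from an admin host that the service account can bind and that the filter matches exactly one entry under the search base with Subtree scope. The script below is an added example, not Vidyo or UCT code: it assumes the OpenLDAP `ldapsearch` client is installed and that the portal substitutes the login name for `<>` in the filter template, and the function names and sample LDIF are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for the LDAP settings quoted on this page.
LDAP_URL='ldaps://msldap.uct.ac.za:636/'
BIND_DN='CN=vidyo integration,ou=services,dc=wf,dc=uct,dc=ac,dc=za'
SEARCH_BASE='dc=wf,dc=uct,dc=ac,dc=za'
FILTER_TEMPLATE='samaccountname=<>'

# Constructed sample of ldapsearch -LLL output (not real directory data).
SAMPLE_LDIF='dn: CN=Example User,OU=staff,DC=example,DC=org
samaccountname: euser
displayname: Example User
mail: euser@example.org
'

# Escape the RFC 4515 filter metacharacters \ * ( ) in a login name,
# backslash first so the escapes themselves are not re-escaped.
ldap_escape() {
    printf '%s' "$1" |
        sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Assumption: the portal substitutes the login name for "<>" in the template.
build_filter() {
    prefix=${FILTER_TEMPLATE%%\<\>*}
    suffix=${FILTER_TEMPLATE#*\<\>}
    filter="${prefix}$(ldap_escape "$1")${suffix}"
    case $filter in
        \(*) printf '%s\n' "$filter" ;;
        *)   printf '(%s)\n' "$filter" ;;
    esac
}

# Count entries in LDIF read from stdin (one "dn:" line per entry).
count_entries() {
    awk '/^dn:/ { n++ } END { print n + 0 }'
}

# Bind as the service account (-W prompts for its password), search the
# subtree under the search base, and succeed only on exactly one match.
check_user() {
    n=$(ldapsearch -x -LLL -H "$LDAP_URL" -D "$BIND_DN" -W \
            -b "$SEARCH_BASE" -s sub "$(build_filter "$1")" \
            samaccountname displayname mail | count_entries)
    echo "entries matching $1: $n"
    [ "$n" -eq 1 ]
}
```

Run `check_user <login name>` with a known account after sourcing the script. Because it runs from your own host, a successful result does not show that the VidyoPortal address can reach the LDAP server through the firewall.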

They have kindly provided two screenshots that show how things look:

AD Integration - Main Screen

Attributes Mapping