Table of Contents
Advertisement
NOTE: If certificate validation is enabled, specify the Domain Controller Server addresses and the FQDN. Make sure that
DNS is configured correctly under.
Using the following RACADM command may be optional:
racadm sslcertdownload -t 0x1 -f < RAC SSL certificate >
Configuring Generic LDAP Users
CMC provides a generic solution to support Lightweight Directory Access Protocol (LDAP)-based authentication. This feature does
not require any schema extension on your directory services.
A CMC administrator can now integrate the LDAP server user logins with CMC. This integration requires configuration on both LDAP
server and CMC. On the LDAP server, a standard group object is used as a role group. A user who has CMC access becomes a
member of the role group. Privileges are still stored on CMC for authorization similar to the working of the Standard Schema setup
with Active Directory support.
To enable the LDAP user to access a specific CMC card, the role group name and its domain name must be configured on the
specific CMC card. You can configure a maximum of five role groups in each CMC. A user has the option to be added to multiple
groups within the directory service. If a user is a member of multiple groups, then the user obtains the privileges of all their groups.
For information about the privileges level of the role groups and the default role group settings, see
Configuring the Generic LDAP Directory to Access CMC
The CMC's Generic LDAP implementation uses two phases in granting access to a user—user authentication, and then the user
authorization.
Authentication of LDAP Users
Some directory servers require a bind before a specific LDAP server can be searched for.
To authenticate a user:
1.
Optionally bind to the Directory Service. The default is an anonymous bind.
NOTE: The Windows-based directory servers do not allow anonymous login. Hence, enter the bind DN name and
password.
2.
Search for the user on the basis of the user login. The default attribute is uid. If more than one object is found, then the
process returns an error.
3.
Unbind and perform a bind with the user's DN and password. If the system is unable to bind, then the login will not be
successful.
4.
If these steps succeed, the user is authenticated.
Authorization Of LDAP Users
To authorize a user:
1.
Search each configured group for the user's domain name within the member or uniqueMember attributes. An
administrator can configure a user domain.
2.
For every user group that the user belongs to, give the user appropriate user access rights and privileges.
Configuring Generic LDAP Directory Service Using CMC Web Interface
To configure the generic LDAP directory service:
NOTE: You must have the Chassis Configuration Administrator privilege.
1.
In the left pane, click Chassis Overview → User Authentication → Directory Services.
2.
Select Generic LDAP.
The settings to be configured for standard schema is displayed on the same page.
3.
Specify the following:
128
Types of
Users.
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
