User's guide
Chapter 15 User Authorization and Access Control 259
Example: Display All AD Server Configuration
show ims ad-server * -detail
-----------------------------------------------------------------
name                     AD1
descr
host-name                ad1.xsigo.com
port                     389
state                    up/up
error
user-dn                  user@xsigo.com
base-dn                  DC=XSIGO,DC=COM
server-mode              primary
formal-user-dn
domain-represented-by    group
authentication-type      simple
kerberos-default-realm
kerberos-default-domain
kdc-host-name
kdc-port-num
-----------------------------------------------------------------
1 record displayed

The chassis maintains a connection between IMS and the remote AD server. The
“user-dn” is the user that initiates and maintains this connection. In the above
example, the user is “user@xsigo.com”. The user must have at least read privileges
since it queries all the role information. The “base-dn” is the tree-search range. You
can reduce the search scope to increase the search speed, for example “DC=Users,
DC=XSIGO, DC=COM”.

Using Role Group Mappings for AD/LDAP Users
For AD/LDAP IMS solutions, XgOS supports mapping individual AD groups to the
pre-defined roles on the Oracle Fabric Interconnect. When the group is mapped, any
user that is a member of the group can access the Oracle Fabric Interconnect through
the group, and will receive the Oracle Fabric Interconnect privileges that are
available through the role. The mapping occurs through a role group and a regular
expression that selects against all the groups to which the user belongs.
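The regular-expression selection described under Using Role Group Mappings, shown as an added Python example (not code from this guide or from XgOS): it compares a loose pattern with an anchored one against a user's group list. The role group names, role names, group DNs and the OU are constructed, and substring-style matching with Python `re` syntax is an assumption, since the page does not state the XgOS regex dialect.

```python
import re

BASE = "OU=Groups,DC=XSIGO,DC=COM"  # constructed OU under the page's base-dn

def exact(cn):
    """Anchored pattern that matches one group DN and nothing else."""
    return "^" + re.escape(f"CN={cn},{BASE}") + "$"

# Hypothetical role groups: (role group name, role, regex over group DNs).
LOOSE = [("rg-admins", "administrators", r"Admin"),
         ("rg-storage", "storage", r"Storage")]
STRICT = [("rg-admins", "administrators", exact("Fabric-Admins")),
          ("rg-storage", "storage", exact("Fabric-Storage"))]

def roles_for(groups, mappings):
    """Return {role: [group DNs that matched]} for one user's memberships."""
    granted = {}
    for _name, role, pattern in mappings:
        rx = re.compile(pattern)
        for dn in groups:
            if rx.search(dn):  # assumption: search-style (substring) matching
                granted.setdefault(role, []).append(dn)
    return granted

def unanchored(mappings):
    """Heuristic lint: role groups whose pattern is not pinned with ^ and $."""
    return [name for name, _role, p in mappings
            if not (p.startswith("^") and p.endswith("$"))]

# Constructed users (the groups each one belongs to).
HELPDESK = [f"CN=Helpdesk-Admin-ReadOnly,{BASE}", f"CN=Storage-Interns,{BASE}"]
FABRIC_ADMIN = [f"CN=Fabric-Admins,{BASE}", f"CN=Domain Users,{BASE}"]

if __name__ == "__main__":
    for label, table in (("loose", LOOSE), ("strict", STRICT)):
        print(label, "needs review:", unanchored(table))
        print("  helpdesk     ->", roles_for(HELPDESK, table))
        print("  fabric admin ->", roles_for(FABRIC_ADMIN, table))
```

Because every group the user belongs to is tested, one loosely named group is enough to grant a role; reviewing the patterns together with the directory's actual group names catches this before a mapping goes live.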