Specifications
Appendix A: LDAP Implementation Details
121
NX-Series Controllers - WebConsole & Programming Guide
Example - Setting Up User's Access Rights
In order to give AMX equipment users access rights to the Master, group memberships for users will be defined by the
GroupOfNames object class (refer to LDAP RFC4519). Two records need to be created in the database:
One that represents users with administrative privileges (Admin Change Password Access, Terminal (RS232)
Access, FTP Access, HTTP Access, Telnet Access, Configuration, ICSPConnectivity, and EncryptICSP
Connection).
Another that represents users with user privileges (HTTP Access). The DNs of the AMX equipment users
will be listed under the appropriate GroupOfNames object class as a member attribute.
Administrator Access Example
User Access Example
Note: If the DN of a user is in both the administrator groupOfNames and the user groupOfNames, the administrative
privileges take precedence over user privileges.
Administrator Access
LDAP Server Configuration Master Configuration
Example:
dn: cn=master01Admin,ou=groups,ou=Dallas,
dc=example,dc=com
objectClass: groupOfNames
objectClass: top
cn: master01Admin
member: uid=DallasAdminUser1,ou=people,
ou=Dallas,dc=example,dc=com
member: uid=ICSPUser,ou=people,
ou=Dallas,dc=example,dc=com
On the System Security Details page, enter the
Administrator groupOfNames cn.
Example:
Admin groupOfNames cn: master01Admin
User Access
LDAP Server Configuration Master Configuration
Example:
dn: cn=master01User,ou=groups,
ou=Dallas,dc=example,dc=com
objectClass: groupOfNames
objectClass: top
cn: master01User
member: uid=DallasUser1,ou=people,
ou=Dallas,dc=example,dc=com
member: uid=DallasUser2,ou=people,
ou=Dallas,dc=example,dc=com
On the System Security Details page, enter the
User groupOfNames cn.
Example:
User groupOfNames cn: master01User