User's Manual
Procedure
PurposeCommand or Action
Enters the LDAP command mode for AD configuration.Server# scope ldap
Step 1
Enables or disables AD group authorization.Server /ldap # set group-auth
{yes | no}
Step 2
Selects one of the five available group profiles for
configuration, where index is a number between 1 and 5.
Server /ldap # scope role-group
index
Step 3
Specifies the name of the group in the AD database that is
authorized to access the server.
Server /ldap/role-group # set name
group-name
Step 4
Specifies the AD domain the group must reside in.Server /ldap/role-group # set
domain domain-name
Step 5
Specifies the permission level (role) assigned to all users in
this AD group. This can be one of the following:
Server /ldap/role-group # set role
{admin | user | readonly}
Step 6
• admin—The user can perform all actions available.
• user—The user can perform the following tasks:
◦
View all information
◦
Manage the power control options such as power
on, power cycle, and power off
◦
Launch the KVM console and virtual media
◦
Clear all logs
◦
Toggle the locator LED
• readonly—The user can view information but cannot
make any changes.
Commits the transaction to the system configuration.Server /ldap/role-group # commit
Step 7
This example shows how to configure AD group authorization:
Server# scope ldap
Server /ldap # set group-auth yes
Server /ldap *# scope role-group 5
Server /ldap/role-group *# set name Training
Server /ldap/role-group *# set domain example.com
Server /ldap/role-group *# set role readonly
Server /ldap/role-group *# commit
ucs-c250-M2 /ldap # show role-group
Group Name Domain Role
------ ---------------- ---------------- --------
1 (n/a) (n/a) admin
2 (n/a) (n/a) user
3 (n/a) (n/a) readonly
4 (n/a) (n/a) (n/a)
5 Training example.com readonly
Cisco UCS C-Series Servers Integrated Management Controller CLI Configuration Guide, Release 1.5
70 OL-28893-01
Managing User Accounts
Configuring Active Directory Groups in CIMC