Users Guide

A CMC administrator can now integrate the LDAP server user logins with CMC. This integration requires configuration on both LDAP
server and CMC. On the LDAP server, a standard group object is used as a role group. A user who has CMC access becomes a
member of the role group. Privileges are still stored on CMC for authorization similar to the working of the Standard Schema setup
with Active Directory support.
To enable the LDAP user to access a specific CMC card, the role group name and its domain name must be configured on the
specific CMC card. You can configure a maximum of five role groups in each CMC. A user has the option to be added to multiple
groups within the directory service. If a user is a member of multiple groups, then the user obtains the privileges of all their groups.
Conguring the generic LDAP directory to access CMC
The CMC's Generic LDAP implementation uses two phases in granting access to a user—user authentication, and then the user
authorization.
Conguring generic LDAP directory service using CMC web interface
To congure the generic LDAP directory service:
NOTE: You must have the Chassis Conguration Administrator privilege.
1. In the left pane, click Chassis OverviewUser AuthenticationDirectory Services.
2. Select Generic LDAP.
The settings to be configured for standard schema are displayed on the same page.
NOTE: The Windows-based directory servers do not allow anonymous login. Hence, enter the bind DN name and
password.
3. Specify the following:
NOTE: For information about the various fields, see the Online Help.
Common Settings
Server to use with LDAP:
Static server — Specify the FQDN or IP address and the LDAP port number.
DNS server — Specify the DNS server to retrieve a list of LDAP servers by searching for their SRV record within the
DNS.
The following DNS query is performed for SRV records:
_[Service Name]._tcp.[Search Domain]
where <Search Domain> is the root level domain to use within the query and <Service Name> is the service
name to use within the query.
For example:
_ldap._tcp.dell.com
where ldap is the service name and dell.com is the search domain.
4. Click Apply to save the settings.
NOTE: You must apply the settings before continuing. If you do not apply the settings, the settings are lost when
you navigate to the next page.
5. In the Group Settings section, click a Role Group.
6. On the Congure LDAP Role Group page, specify the group domain name and privileges for the role group.
7. Click Apply to save the role group settings, click Go Back To Conguration page, and then select Generic LDAP.
8. If you have selected Certicate Validation Enabled option, then in the Manage Certicates section, specify the CA certicate
to validate the LDAP server certicate during SSL handshake and click Upload. The certicate is uploaded to CMC and the
details are displayed.
9. Click Apply.
The generic LDAP directory service is congured.
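Added example, not part of the Dell guide or CMC firmware: when the DNS server option is used, the LDAP servers CMC contacts are whatever the SRV query returns, so it is worth reviewing those answers before enabling discovery. The script builds the query name in the format shown in step 3, parses answers in the "priority weight port target" layout printed by dig +short SRV, and flags records for review. The sample answers and host names are constructed, and the review policy (servers expected on the LDAPS port 636 and inside the search domain) is an assumption.

```python
# Added example: review SRV answers before enabling DNS-based LDAP server discovery.
LDAPS_PORT = 636  # well-known LDAP-over-SSL port (389 is the plain LDAP port)

def srv_query_name(service_name, search_domain):
    """Build _<Service Name>._tcp.<Search Domain> as described in the guide."""
    return "_%s._tcp.%s" % (service_name.strip("_"), search_domain.strip("."))

def parse_srv(text):
    """Parse 'priority weight port target' lines (the `dig +short SRV` layout)."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip blank lines and anything that is not an SRV answer
        prio, weight, port = (int(f) for f in fields[:3])
        records.append({"priority": prio, "weight": weight, "port": port,
                        "target": fields[3].rstrip(".").lower()})
    # RFC 2782: the lowest priority value is contacted first.
    # Within one priority, heavier weights are listed first for review.
    return sorted(records, key=lambda r: (r["priority"], -r["weight"]))

def audit(records, search_domain):
    """Return (target, finding) pairs to review (assumed policy, see lead-in)."""
    domain = search_domain.strip(".").lower()
    findings = []
    for r in records:
        if r["port"] != LDAPS_PORT:
            findings.append((r["target"],
                             "port %d is not LDAPS (%d)" % (r["port"], LDAPS_PORT)))
        if r["target"] != domain and not r["target"].endswith("." + domain):
            findings.append((r["target"],
                             "target is outside search domain " + domain))
    return findings

# Constructed sample answers for _ldap._tcp.dell.com (not real DNS data).
SAMPLE = """\
10 50 636 ldap2.dell.com.
0 100 636 ldap1.dell.com.
0 100 389 ldap3.dell.com.
20 0 636 ldap.example.net.
"""

if __name__ == "__main__":
    print("query:", srv_query_name("ldap", "dell.com"))
    for target, finding in audit(parse_srv(SAMPLE), "dell.com"):
        print(target, "->", finding)
```

Any target that passes this review still has to present a certificate that chains to the CA uploaded in step 8 when Certificate Validation Enabled is selected.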