Reference Guide
Default ldap
cfgLDAPRoleGroup
Use this object with the getconfig or config subcommands.
To use this object property, you must have the Chassis Conguration Administrator privilege.
NOTE: You can congure any setting that is not preceded by the hash sign (#) in the output. To modify a congurable
object, use the
-o option.
This group congures Generic LDAP Role group descriptions and denes the CMC privileges that LDAP–authenticated users are
granted.
cfgLDAPRoleGroup is indexed, containing instances numbered from 1 to 5. Each object instance consists of a pair of properties:
• cfgLDAPRoleGroupDN: an LDAP distinguished name (DN)
• cfgLDAPRoleGroupPrivilege: a CMC privilege map
Each LDAP–authenticated user assumes the total set of CMC privileges assigned to the matching LDAP distinguished names that
the user belongs to.
That is, if the user belongs to multiple role group DNs, the user receives all associated privileges for those DNs.
The following sections provide information about the objects in the cfgLdapRoleGroup group.
cfgLDAPRoleGroupDN (Read/Write)
Description
This is the Domain Name of the group in this index.
For CMC, congure the LDAP distinguished name (DN) for the
role group instance.
Legal Values String. Maximum length = 1024
Default None
Example
racadm getconfig -g cfgLDAPRoleGroup -o cfgLDAPRoleGroupDN
-i 1 cn=everyone,ou=groups,dc=openldap,dc=com
cfgLDAPRoleGroupPrivilege (Read/Write)
Description
A bit–mask dening the privileges associated with this particular
group.
Legal Values 0x00000000 to 0x000001
Default 0x000
Example
racadm getconfig -g cfgLDAPRoleGroup -o cfgLDAPRoleGroupPrivilege
-i 1 0x0
142