Users Guide
For information about the privilege levels of the role groups and the default role group settings, see Types of Users.
Configuring the Generic LDAP Directory to Access CMC
The CMC's Generic LDAP implementation grants access to a user in two phases: user authentication, followed by user
authorization.
Authentication of LDAP Users
Some directory servers require a bind before a specific LDAP server can be searched.
To authenticate a user:
1. Optionally bind to the Directory Service. The default is an anonymous bind.
2. Search for the user on the basis of the user login. The default attribute is uid. If more than one object is found, then the
process returns an error.
3. Unbind and perform a bind with the user's DN and password. If the system is unable to bind, then the login will not be
successful.
4. If these steps succeed, the user is authenticated.
Authorization of LDAP Users
To authorize a user:
1. Search each configured group for the user's domain name within the member or uniqueMember attributes. An
administrator can configure a user domain.
2. For every user group that the user belongs to, give the user appropriate user access rights and privileges.
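The authentication and authorization procedures above, modelled as an added example that is not Dell's code or part of this guide. It runs against a constructed in-memory directory instead of a real LDAP server; the DNs, passwords, privilege labels and function names are assumptions, and DN matching is simplified to case and whitespace folding.

```python
import hmac
# Constructed sample directory (not from the guide): DN -> attributes.
PEOPLE = "ou=people,dc=example,dc=com"
GROUPS = "ou=groups,dc=example,dc=com"
DIRECTORY = {
    f"uid=alice,{PEOPLE}": {"uid": ["alice"], "userPassword": "alice-pw"},
    f"uid=carol,{PEOPLE}": {"uid": ["carol"], "userPassword": "carol-pw"},
    f"uid=bob,{PEOPLE}": {"uid": ["bob"], "userPassword": "bob-pw"},
    "uid=bob,ou=contractors,dc=example,dc=com": {"uid": ["bob"], "userPassword": "x"},
    f"cn=cmc-admins,{GROUPS}": {"member": [f"uid=alice,{PEOPLE}"]},
    f"cn=cmc-operators,{GROUPS}": {"uniqueMember": ["UID=Alice, OU=People, DC=Example, DC=Com"]},
}
# Hypothetical role groups: configured group DN -> privilege label.
ROLE_GROUPS = {f"cn=cmc-admins,{GROUPS}": "administrator",
               f"cn=cmc-operators,{GROUPS}": "power-user"}

class LoginError(Exception):
    """Raised when the search or the bind fails; the login is refused."""

def norm_dn(dn):
    # Simplified DN matching (assumption): ignore case and spaces around commas.
    return ",".join(part.strip().lower() for part in dn.split(","))

def authenticate(login, password, attr="uid"):
    # Step 2: search on the login attribute; more than one object is an error.
    hits = [dn for dn, e in DIRECTORY.items() if login in e.get(attr, [])]
    if len(hits) != 1:
        raise LoginError(f"{len(hits)} objects matched {attr}={login}")
    # Step 3: bind as the found DN with the supplied password.
    stored = DIRECTORY[hits[0]]["userPassword"]
    if not hmac.compare_digest(stored.encode(), password.encode()):
        raise LoginError("bind failed")
    return hits[0]

def authorize(user_dn):
    # Search member / uniqueMember of each configured group for the user's DN.
    rights = set()
    for group_dn, privilege in ROLE_GROUPS.items():
        entry = DIRECTORY.get(group_dn, {})
        members = entry.get("member", []) + entry.get("uniqueMember", [])
        if norm_dn(user_dn) in {norm_dn(m) for m in members}:
            rights.add(privilege)  # grant the rights of every matching group
    return rights

def login(user, password):
    try:  # set of privileges on success, None when authentication fails
        return authorize(authenticate(user, password))
    except LoginError:
        return None
```

In this model, `login("carol", "carol-pw")` returns an empty set: the user authenticates but belongs to no configured group, so no privileges are granted.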
Configuring Generic LDAP Directory Service Using CMC Web Interface
To configure the generic LDAP directory service:
NOTE: You must have the Chassis Configuration Administrator privilege.
1. In the left pane, click Chassis Overview → User Authentication → Directory Services.
2. Select Generic LDAP.
The settings to be configured for standard schema are displayed on the same page.
3. Specify the following:
NOTE: For information about the various fields, see the Online Help.
• Common Settings
• Server to use with LDAP:
– Static server — Specify the FQDN or IP address and the LDAP port number.
– DNS server — Specify the DNS server to retrieve a list of LDAP servers by searching for their SRV record within the
DNS.
The following DNS query is performed for SRV records:
_[Service Name]._tcp.[Search Domain]
where [Search Domain] is the root level domain to use within the query and [Service Name] is the service
name to use within the query.
For example:
_ldap._tcp.dell.com
where ldap is the service name and dell.com is the search domain.
4. Click Apply to save the settings.
NOTE: You must apply the settings before continuing. If you do not apply the settings, the settings are lost when
you navigate to the next page.