Owner's Manual
310 Using the CMC Directory Service
Authentication and Authorization of the LDAP Users
Some directory servers require a bind before any searches can be performed
against a specific LDAP server. The steps for authentication are:
1. Optionally bind to the Directory Service. The default is an anonymous bind.
2. Search for the user based upon their user login. The default attribute is uid.
3. If more than one object is found, then the process returns an error.
4. Unbind and perform a bind with the user's DN and password.
5. If the bind fails, then the login fails.
If these steps succeed then the user is considered authenticated. The next
phase is authorization. CMC stores a maximum of 5 groups and their
corresponding privileges. A user has the option to be added to multiple
groups within the directory service. If the user is a member of multiple
groups, then the user obtains the privileges of all their groups.
The authorization steps are:
1. Search through each configured group for the user's DN within the member or uniqueMember attributes. This field can be configured by the administrator.
2. For every group the user is a member of, add their privileges together.
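The authentication and authorization steps above, modeled against an in-memory directory. This is an added example, not CMC firmware code: the directory entries, group DNs, privilege names and function names are constructed for illustration, the optional service bind of step 1 is left out, and DN comparison is simplified to a case-insensitive string match. It also refuses an empty password before binding, a check the manual does not mention.

```python
# Added example: in-memory model of the login flow described above.
# DIRECTORY, GROUPS and the privilege names are constructed sample data.
DIRECTORY = {  # DN -> entry
    "uid=alice,ou=people,dc=example,dc=com": {"uid": "alice", "password": "s3cret"},
    "uid=bob,ou=people,dc=example,dc=com": {"uid": "bob", "password": "hunter2"},
    "uid=bob,ou=contractors,dc=example,dc=com": {"uid": "bob", "password": "pw"},
}
GROUPS = [  # CMC stores a maximum of 5 groups and their privileges
    {"dn": "cn=admins,dc=example,dc=com", "privileges": {"configure", "power"},
     "member": ["uid=alice,ou=people,dc=example,dc=com"]},
    {"dn": "cn=ops,dc=example,dc=com", "privileges": {"login", "power"},
     "uniqueMember": ["UID=Alice,OU=People,DC=Example,DC=Com"]},
]
MAX_GROUPS = 5

class LoginError(Exception):
    """Raised whenever any authentication step fails."""

def search_user(login, attr="uid"):
    """Step 2: return the DNs whose login attribute matches exactly."""
    return [dn for dn, entry in DIRECTORY.items() if entry.get(attr) == login]

def simple_bind(dn, password):
    """Step 4: stand-in for an LDAP simple bind as the user."""
    return DIRECTORY[dn]["password"] == password

def authenticate(login, password, attr="uid"):
    if not password:
        # A DN with an empty password is an "unauthenticated bind" (RFC 4513);
        # some servers report success for it, so refuse before binding.
        raise LoginError("empty password")
    matches = search_user(login, attr)
    if len(matches) != 1:  # step 3: several objects (or none) is an error
        raise LoginError("user lookup returned %d objects" % len(matches))
    if not simple_bind(matches[0], password):  # step 5
        raise LoginError("bind failed")
    return matches[0]

def authorize(user_dn, groups=GROUPS, member_attrs=("member", "uniqueMember")):
    """Union the privileges of every configured group that lists the user's DN."""
    if len(groups) > MAX_GROUPS:
        raise ValueError("more than 5 groups configured")
    granted = set()
    for group in groups:
        members = [m for attr in member_attrs for m in group.get(attr, [])]
        if any(m.lower() == user_dn.lower() for m in members):
            granted |= group["privileges"]
    return granted
```

Because privileges are added together across groups, the user alice here ends up with configure, power and login, so an audit of effective rights has to look at every configured group, not only the most privileged one.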
Configuring Generic LDAP Directory Service Using CMC Web-Based Interface
You can use the Generic Lightweight Directory Access Protocol (LDAP)
Service to configure your software to provide access to CMC. LDAP allows
you to add and control the CMC user privileges of your existing users.
NOTE: To configure LDAP settings for CMC, you must have Chassis Configuration
Administrator privilege.
For more information about configuring Generic LDAP,
see "Using CMC with Generic LDAP" on page 308.