Users Guide
Authentication of LDAP Users
Some directory servers require a bind before any searches can be performed against a specific LDAP
server.
To authenticate a user:
1. Optionally bind to the Directory Service. The default is an anonymous bind.
2. Search for the user based upon their user login. The default attribute is uid.
If more than one object is found, then the process returns an error.
3. Unbind and perform a bind with the user's DN and password.
If the bind fails, then the login fails.
If these steps succeed, the user is authenticated.
Authorization of LDAP Users
To authorize a user:
1. Search each configured group for the user's domain name within the member or uniqueMember
attributes.
2. The privileges of every group that the user is a member of are added together.
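The authentication and authorization steps above, modeled as an added example against a constructed in-memory directory (this is not CMC code; the entries, groups, privilege names and function names are assumptions). It also shows two checks a client of this flow should make: escaping the login before it is placed in the search filter (RFC 4515), and refusing an empty password, which a server may treat as an unauthenticated bind (RFC 4513).

```python
import hmac

# Constructed sample data: DN -> entry, and configured groups with privileges.
DIRECTORY = {
    "uid=alice,ou=people,dc=example,dc=com": {"uid": "alice", "password": "s3cret"},
    "uid=bob,ou=people,dc=example,dc=com": {"uid": "bob", "password": "hunter2"},
    "uid=bob,ou=contractors,dc=example,dc=com": {"uid": "bob", "password": "pw"},
}
GROUPS = [
    {"member": ["uid=alice,ou=people,dc=example,dc=com"], "privileges": {"login"}},
    {"uniqueMember": ["uid=alice,ou=people,dc=example,dc=com"], "privileges": {"configure"}},
    {"member": ["uid=carol,ou=people,dc=example,dc=com"], "privileges": {"debug"}},
]

def escape_filter_value(value):
    """Escape the RFC 4515 special characters so a login cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_user_filter(login, attr="uid"):
    """Filter a real client would send in step 2; the default attribute is uid."""
    return "(%s=%s)" % (attr, escape_filter_value(login))

def search_user(login, attr="uid"):
    """Step 2 (modeled): DNs whose login attribute equals the login exactly."""
    return [dn for dn, entry in DIRECTORY.items() if entry.get(attr) == login]

def authenticate(login, password):
    """Steps 2-3: require exactly one match, then 'bind' as that DN."""
    matches = search_user(login)
    if len(matches) != 1:
        return None  # no object, or more than one object: error
    if not password:
        return None  # empty password would be an unauthenticated bind
    dn = matches[0]
    stored = DIRECTORY[dn]["password"].encode()
    return dn if hmac.compare_digest(stored, password.encode()) else None

def authorize(dn):
    """Add together the privileges of every group that lists the DN."""
    privileges = set()
    for group in GROUPS:
        members = group.get("member", []) + group.get("uniqueMember", [])
        if dn in members:
            privileges |= group["privileges"]
    return privileges
```
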
Configuring Generic LDAP Directory Service Using CMC Web-Based Interface
To configure the generic LDAP directory service:
NOTE: You must have Chassis Configuration Administrator privilege.
1. In the system tree, go to Chassis Overview, and then click User Authentication → Directory
Services.
2. Select Generic LDAP.
The settings to be configured for standard schema are displayed on the same page.
3. Specify the following:
NOTE: For information about the various fields, see the CMC Online Help.
• Common Settings
• Server to use with LDAP:
– Static server — Specify the FQDN or IP address and the LDAP port number.
– DNS server — Specify the DNS server to retrieve a list of LDAP servers by searching for their
SRV record within the DNS.
The following DNS query is performed for SRV records:
_[Service Name]._tcp.[Search Domain]
where <Search Domain> is the root level domain to use within the query and <Service Name> is the service name to use within the query.
For example:
_ldap._tcp.dell.com