Users Guide
Figure 11. Configuration of CMC with Generic LDAP
Configuring the Generic LDAP Directory to Access CMC
The CMC's Generic LDAP implementation uses two phases in granting access to a user—user authentication and then user
authorization.
Authentication of LDAP Users
Some directory servers require a bind before any searches can be performed against a specific LDAP server.
To authenticate a user:
1. Optionally bind to the Directory Service. The default is an anonymous bind.
NOTE: The Windows-based directory servers do not allow anonymous login. Hence, enter the bind DN name and
password.
2. Search for the user based upon their user login. The default attribute is uid.
If more than one object is found, then the process returns an error.
3. Unbind and perform a bind with the user's DN and password.
If the bind fails, then the login fails.
If these steps succeed, the user is authenticated.
Authorization of LDAP Users
To authorize a user:
1. Search each configured group for the user's domain name within the member or uniqueMember attributes.
2. The privileges of every group that the user is a member of are added together.
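The two phases above, as an added example run against a constructed in-memory directory (this is not Dell's or the CMC's own code; the function names, DNs, passwords and privilege labels are assumptions). It skips the optional initial bind and goes slightly beyond the listed steps by escaping the login name per RFC 4515 and refusing an empty password, two checks a search-then-bind client needs.

```python
import re

# Constructed directory: every DN, password and privilege label here is made up.
USERS = {
    "uid=alice,ou=people,dc=example,dc=com": {"uid": "alice", "pw": "s3cret"},
    "uid=bob,ou=people,dc=example,dc=com": {"uid": "bob", "pw": "hunter2"},
    "uid=bob,ou=contractors,dc=example,dc=com": {"uid": "bob", "pw": "other"},
}
GROUPS = {  # configured group DN -> (member DNs, privileges the group grants)
    "cn=admins,dc=example,dc=com": ({"uid=alice,ou=people,dc=example,dc=com"}, {"chassis_config"}),
    "cn=ops,dc=example,dc=com": ({"uid=alice,ou=people,dc=example,dc=com"}, {"login", "server_control"}),
}

def escape_filter(value):
    """RFC 4515: hex-escape characters that are special in a search filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def search(attr, assertion):
    """Toy server-side match: a raw '*' is a wildcard, a hex-escaped character is literal."""
    parts = re.split(r"(\*|\\[0-9a-f]{2})", assertion)
    rx = "".join(".*" if p == "*" else re.escape(chr(int(p[1:], 16))) if p.startswith("\\")
                 else re.escape(p) for p in parts)
    return [dn for dn, entry in USERS.items() if re.fullmatch(rx, entry[attr])]

def bind(dn, password):
    """Toy simple bind; True when the DN exists and the password matches."""
    return dn in USERS and USERS[dn]["pw"] == password

def authenticate(login, password, attr="uid"):
    """Steps 2 and 3: search by login attribute, then bind as the DN that was found."""
    if not password:  # many servers treat an empty password as an unauthenticated bind
        raise PermissionError("empty password")
    hits = search(attr, escape_filter(login))
    if len(hits) != 1:  # zero or several objects: fail, never pick one
        raise LookupError("expected exactly one object, found %d" % len(hits))
    if not bind(hits[0], password):
        raise PermissionError("bind failed")
    return hits[0]

def authorize(user_dn):
    """Union of the privileges of every configured group that lists the user as a member."""
    privs = set()
    for members, granted in GROUPS.values():
        if user_dn in members:
            privs |= granted
    return privs
```

In this constructed data, `bob` exists twice, so the login is rejected at the search step before any password is tried.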
Configuring Generic LDAP Directory Service Using CMC Web-Based Interface
To configure the generic LDAP directory service:
NOTE: You must have Chassis Configuration Administrator privilege.
1. In the system tree, go to Chassis Overview, and then click User Authentication → Directory Services.
2. Select Generic LDAP.
The settings to be configured for standard schema are displayed on the same page.
3. Specify the following: