Users Guide

Figure 11. Conguration of CMC with Generic LDAP
Conguring the Generic LDAP Directory to Access CMC
The CMC's Generic LDAP implementation uses two phases in granting access to a user—user authentication and then user authorization.
Authentication of LDAP Users
Some directory servers require a bind before any searches can be performed against a specific LDAP server.
To authenticate a user:
1 Optionally bind to the Directory Service. The default is an anonymous bind.
NOTE: The Windows-based directory servers do not allow anonymous login. Hence, enter the bind DN name and password.
2 Search for the user based upon their user login. The default attribute is uid.
If more than one object is found, then the process returns an error.
3 Unbind and perform a bind with the user's DN and password.
If the bind fails, then the login fails.
If these steps succeed, the user is authenticated.
Authorization of LDAP Users
To authorize a user:
1 Search each congured group for the user's domain name within the member or uniqueMember attributes.
2 The privileges of every group that the user is a member of are added together.
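The search-then-bind authentication and group-based authorization described above, modeled against an in-memory directory. This is an added example, not CMC code. The DNs, passwords, privilege bit values, the use of a bitmask to add privileges together, and the empty-password check are assumptions made for illustration; the optional service bind of step 1 is omitted.

```python
import hmac

# Constructed sample data: DNs, passwords and privilege bits are illustrative.
USERS = {  # user DN -> attributes
    "uid=alice,ou=people,dc=example,dc=com": {"uid": "alice", "pw": "a-secret"},
    "uid=bob,ou=people,dc=example,dc=com": {"uid": "bob", "pw": "b-secret"},
    "uid=bob,ou=contractors,dc=example,dc=com": {"uid": "bob", "pw": "c-secret"},
}
ALICE = "uid=alice,ou=people,dc=example,dc=com"
GROUPS = [  # configured groups: (membership attributes, privilege bits)
    ({"member": [ALICE]}, 0b0011),
    ({"uniqueMember": [ALICE]}, 0b0100),
    ({"member": ["uid=carol,ou=people,dc=example,dc=com"]}, 0b1000),
]

class LoginError(Exception):
    pass

def bind(dn, password):
    """Simple bind stand-in. An empty password is refused because a real
    server may treat it as an unauthenticated bind and report success."""
    entry = USERS.get(dn)
    if not password or entry is None:
        raise LoginError("bind failed")
    if not hmac.compare_digest(entry["pw"].encode(), password.encode()):
        raise LoginError("bind failed")

def authenticate(login, password, attr="uid"):
    """Steps 2-3: search on the login attribute, then bind as the DN found."""
    matches = [dn for dn, e in USERS.items() if e.get(attr) == login]
    if len(matches) != 1:  # zero or several objects: return an error
        raise LoginError("user search did not return exactly one object")
    bind(matches[0], password)
    return matches[0]

def authorize(user_dn):
    """Add together the privileges of every configured group listing the DN."""
    privileges = 0
    for attrs, bits in GROUPS:
        members = attrs.get("member", []) + attrs.get("uniqueMember", [])
        if user_dn in members:
            privileges |= bits
    return privileges

def login(login_name, password):
    return authorize(authenticate(login_name, password))
```

Here alice receives the union of both groups she belongs to, while bob is rejected before any bind is attempted because his login matches two objects.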
Conguring User Accounts and Privileges