Users Guide
Figure 11. Configuration of CMC with Generic LDAP
Configuring the Generic LDAP Directory to Access CMC
The CMC's Generic LDAP implementation uses two phases in granting access to a user—user authentication and then user authorization.
Authentication of LDAP Users
Some directory servers require a bind before any searches can be performed against a specific LDAP server.
To authenticate a user:
1. Optionally bind to the Directory Service. The default is an anonymous bind.
NOTE: The Windows-based directory servers do not allow anonymous login. Hence, enter the bind DN name and password.
2. Search for the user based upon their user login. The default attribute is uid.
If more than one object is found, then the process returns an error.
3. Unbind and perform a bind with the user's DN and password.
If the bind fails, then the login fails.
If these steps succeed, the user is authenticated.
Authorization of LDAP Users
To authorize a user:
1. Search each configured group for the user's domain name within the member or uniqueMember attributes.
2. Add together the privileges of every group that the user is a member of.
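The two phases above, modeled in Python over a constructed in-memory directory (an added example, not Dell's CMC code; the DNs, passwords and privilege labels are hypothetical). It assumes the group attributes hold the user's DN as found by the search, and it exercises the failure cases: an ambiguous login, a failed or empty-password bind, and the union of group privileges.

```python
import hmac

# Constructed sample directory; DNs, passwords and privilege labels are hypothetical.
USERS = {
    "cn=svc,dc=example,dc=com": {"uid": "svc", "pw": "svc-pass"},
    "uid=alice,ou=people,dc=example,dc=com": {"uid": "alice", "pw": "a-pass"},
    "uid=bob,ou=people,dc=example,dc=com": {"uid": "bob", "pw": "b-pass"},
    "uid=bob,ou=temps,dc=example,dc=com": {"uid": "bob", "pw": "t-pass"},
}
GROUPS = [
    {"member": ["uid=alice,ou=people,dc=example,dc=com"], "privs": {"login", "configure"}},
    {"uniqueMember": ["UID=Alice,OU=People,DC=example,DC=com"], "privs": {"login", "power"}},
    {"member": ["uid=bob,ou=people,dc=example,dc=com"], "privs": {"debug"}},
]

def bind(dn, password):
    """Simple bind. An empty password is refused: a DN with no password is an
    unauthenticated bind (RFC 4513), which some servers accept."""
    entry = USERS.get(dn)
    return (bool(password) and entry is not None
            and hmac.compare_digest(entry["pw"].encode(), password.encode()))

def authenticate(user_login, password, bind_dn=None, bind_pw=None, attr="uid"):
    """Return the user's DN on success, None on a failed login; raise on errors."""
    # Step 1: optional service bind (anonymous when no bind DN is configured).
    if bind_dn is not None and not bind(bind_dn, bind_pw):
        raise PermissionError("service bind failed")
    # Step 2: search on the login attribute. More than one object is an error,
    # never a first-match pick.
    matches = [dn for dn, e in USERS.items() if e.get(attr) == user_login]
    if len(matches) > 1:
        raise LookupError("login matches more than one object")
    # Step 3: rebind as the user; a failed bind is a failed login.
    if matches and bind(matches[0], password):
        return matches[0]
    return None

def authorize(user_dn):
    """Union of the privileges of every group listing the DN as member/uniqueMember."""
    privs = set()
    for group in GROUPS:
        members = group.get("member", []) + group.get("uniqueMember", [])
        if user_dn.lower() in (m.lower() for m in members):  # DNs are case-insensitive
            privs |= group["privs"]
    return privs

def login(user_login, password, **bind_args):
    dn = authenticate(user_login, password, **bind_args)
    return authorize(dn) if dn else None
```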
Configuring Generic LDAP Directory Service Using CMC
Web-Based Interface
To configure the generic LDAP directory service:
NOTE: You must have Chassis Configuration Administrator privilege.
1. In the system tree, go to Chassis Overview, and then click User Authentication > Directory Services.
2. Select Generic LDAP.
The settings to be configured for standard schema are displayed on the same page.
3. Specify the following: