User's Guide

Using the DRAC 4 With Microsoft Active Directory

Overview of the RAC Schema Extensions

To provide the greatest flexibility in the multitude of customer environments,
Dell provides a group of properties that can be configured by the user
depending on the desired results. Dell has extended the schema to include an
Association, Device, and Privilege property. The Association property is used
to link together the users or groups with a specific set of privileges to one or
more RAC devices. This model provides an Administrator maximum
flexibility over the different combinations of users, RAC privileges, and RAC
devices on the network without adding too much complexity.

Active Directory Object Overview

For each of the physical RACs on the network that you want to integrate with
Active Directory for Authentication and Authorization, you must create at
least one Association Object and one RAC Device Object. You can create as
many Association Objects as you want, and each Association Object can be
linked to as many users, groups of users, or RAC Device Objects as desired.
The users and RAC Device Objects can be members of any domain in the
enterprise.

However, each Association Object can be linked to only one Privilege Object;
that is, it may link users, groups of users, or RAC Device Objects to only
one Privilege Object. This allows an Administrator to control which users
have what kind of privileges on specific RACs.

The RAC Device Object is the link to the RAC firmware for querying Active
Directory for authentication and authorization. When a RAC is added to the
network, the Administrator must configure the RAC and its device object
with its Active Directory name so that users can perform authentication and
authorization with Active Directory. The Administrator will also need to add
the RAC to at least one Association Object in order for users to authenticate.

Figure 5-1 illustrates that the Association Object provides the connection
that is needed for all of the Authentication and Authorization.
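
The object model described above can be audited offline. The following is an added example, not Dell's code or schema: it answers which Privilege Objects a user reaches on a given RAC, and which RAC Device Objects sit in no Association Object. All object names and the sample directory are constructed, and expanding nested groups is an assumption made for a conservative audit, not a statement about what the RAC firmware does.

```python
from dataclasses import dataclass, field


@dataclass
class Association:
    name: str
    privilege: str                               # exactly one Privilege Object
    members: set = field(default_factory=set)    # users or groups of users
    devices: set = field(default_factory=set)    # RAC Device Objects


def expand_groups(principal, groups):
    """Return the principal plus every group it is in (nesting is an assumption)."""
    seen, stack = {principal}, [principal]
    while stack:
        current = stack.pop()
        for group, members in groups.items():
            if current in members and group not in seen:
                seen.add(group)
                stack.append(group)
    return seen


def privilege_objects_for(user, rac, associations, groups):
    """Privilege Objects linked to `user` and `rac` by any Association Object."""
    identities = expand_groups(user, groups)
    return {a.privilege for a in associations
            if rac in a.devices and identities & a.members}


def unassociated_racs(racs, associations):
    """RAC Device Objects in no Association Object: no user can authenticate."""
    linked = set().union(*(a.devices for a in associations))
    return set(racs) - linked


# Constructed sample directory (hypothetical names, not from the guide)
GROUPS = {"DataCenterOps": {"alice"}, "AllAdmins": {"DataCenterOps", "bob"}}
ASSOCIATIONS = [
    Association("AO-Ops", "Priv-Operator", {"DataCenterOps"}, {"RAC1", "RAC2"}),
    Association("AO-Admin", "Priv-Admin", {"AllAdmins"}, {"RAC1"}),
    Association("AO-Guest", "Priv-ReadOnly", {"carol"}, {"RAC2"}),
]
RACS = ["RAC1", "RAC2", "RAC3"]

if __name__ == "__main__":
    for user in ("alice", "bob", "carol"):
        for rac in RACS:
            found = privilege_objects_for(user, rac, ASSOCIATIONS, GROUPS)
            print(user, rac, sorted(found))
    print("no association:", sorted(unassociated_racs(RACS, ASSOCIATIONS)))
```

A user who reaches more than one Privilege Object on the same RAC, as alice does on RAC1 here, is worth reviewing, since this page does not say how overlapping associations are combined.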