Users Guide
Using the DRAC 5 With Microsoft Active Directory 107
Overview of the RAC Schema Extensions
To provide the greatest flexibility in the multitude of customer
environments, Dell provides a group of properties that can be configured by
the user depending on the desired results. Dell has extended the schema to
include an Association, Device, and Privilege property. The Association
property is used to link together the users or groups with a specific set of
privileges to one or more RAC devices. This model provides an Administrator
maximum flexibility over the different combinations of users, RAC privileges,
and RAC devices on the network without adding too much complexity.
Active Directory Object Overview
For each of the physical RACs on the network that you want to integrate with
Active Directory for Authentication and Authorization, create at least one
Association Object and one RAC Device Object. You can create multiple
Association Objects, and each Association Object can be linked to as many
users, groups of users, or RAC Device Objects as required. The users and
RAC Device Objects can be members of any domain in the enterprise.
However, each Association Object can be linked (or, may link users, groups of
users, or RAC Device Objects) to only one Privilege Object. This example
allows an Administrator to control each user’s privileges on specific RACs.
The RAC Device object is the link to the RAC firmware for querying Active
Directory for authentication and authorization. When a RAC is added to the
network, the Administrator must configure the RAC and its device object
with its Active Directory name so users can perform authentication and
authorization with Active Directory. Additionally, the Administrator must
add the RAC to at least one Association Object in order for users to
authenticate.
Figure 6-2 illustrates that the Association Object provides the connection
that is needed for all of the Authentication and Authorization.