PAGE 10 OF 24
For an Active Directory user to have authority to access a DRAC 5, the user object (or a group that
contains it) has to be added to a Dell Association object. A Dell Privilege object with the desired
privilege settings also has to be added to the same Dell Association object. Finally, a Dell RAC
Device object representing the DRAC 5 is added to that Dell Association object, and the name of
the RAC Device object has to be configured on the DRAC 5 itself.
The search of Active Directory that authenticates and authorizes the RAC user relies on the
member-memberOf relationship of the Association Object, which is derived from group. Every
member of a group has a corresponding linked attribute, memberOf, on the User class. Once the
user has been authenticated with an LDAP bind, the user's memberOf attribute lists every group
the user belongs to. These groups are walked, following memberOf through nested groups, until
an object of class dellAssociationObject is reached. Note that the user can be a member of more
than one association object, so the query must account for all of them.
For each dellAssociationObject the user belongs to, its dellProductMembers attribute is read and
walked in the reverse direction to determine whether the RAC device from which the user is
authenticating is among its products. dellProductMembers can contain groups of RACs, and those
groups keep the same member-memberOf relationship, so the list is walked using the member
attribute of every group in it. If the name of the RAC device performing the authentication is found
in the list, the user is authorized for this DRAC 5: the attributes of the linked Dell Privilege object
are read and returned to the RAC as the authorization data (privileges). A user for whom no
association object covers this RAC receives no privileges on it, even though the LDAP bind
succeeded.
Log in via Active Directory Without Dell Schema Extension
NOTE: Requires DRAC 5 version 1.20 firmware and later.
Dell has been using Active Directory to manage DRAC 5 users and their access privileges on
different DRAC 5 cards. The schema-extending solution provides maximum flexibility to the user
but may be intimidating to some customers because the schema extension is not reversible.
To meet the requirements of customers who do not want to extend their existing Active Directory
schema, Dell now provides a standard schema solution in addition to the schema extension. This
solution provides the same flexibility as the schema-extending solution: it allows granting different
users different privileges on different DRAC 5 cards. The difference is that all the objects used in
the standard schema solution are standard Active Directory objects, while the schema-extending
solution adds Dell objects to the customer's Active Directory.
The basic authentication and the SSL connection are the same as in the Active Directory solution
with the Dell schema extension.
Instead of using a Dell Association object, a Dell Privilege object, and a RAC Device object to link a
user to a DRAC 5, a standard group object is used as a role group. Any user in that role group has
the privileges assigned to it on certain DRAC 5 cards. The privileges of a role group are defined in
each individual DRAC 5's configuration database, not in Active Directory, so different DRAC 5
cards can grant the same role group object different privileges: Active Directory controls who is in
the group, while each card controls what that group may do on it.
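The following is an added example, not Dell's firmware code, showing both lookups described on this page: the Dell-schema walk from the user through its groups to a dellAssociationObject and then through dellProductMembers to the RAC, and the standard-schema check against a per-card role group table. It runs against a small constructed in-memory directory instead of a live LDAP server. The names dellAssociationObject and dellProductMembers come from the text; dellPrivilegeMember, dellRacDevice, the dellIs* privilege flags, the DNs and the per-card privilege names are assumptions made for the example.

```python
# Added example (not Dell's code): DRAC-style Active Directory authorization over a
# constructed in-memory directory (DN -> attributes) instead of a live LDAP server.
from typing import Dict, List, Set

Entry = Dict[str, List[str]]
Directory = Dict[str, Entry]

# Constructed DNs for the sample directory.
ALICE = "CN=alice,OU=Users,DC=lab"
BOB = "CN=bob,OU=Users,DC=lab"
RAC_ADMINS = "CN=RAC Admins,OU=Groups,DC=lab"
LAB_ASSOC = "CN=Lab Assoc,OU=RAC,DC=lab"
LAB_RACS = "CN=Lab RACs,OU=RAC,DC=lab"
LAB_PRIV = "CN=Lab Priv,OU=RAC,DC=lab"
RAC01 = "CN=rac-lab01,OU=RAC,DC=lab"
RAC99 = "CN=rac-other99,OU=RAC,DC=lab"

# Constructed sample directory. memberOf is AD's back-link of member, so both sides
# of every group membership are recorded, as AD would. dellPrivilegeMember,
# dellRacDevice and the dellIs* flags are assumed attribute/class names.
DIRECTORY: Directory = {
    ALICE: {"objectClass": ["user"], "memberOf": [RAC_ADMINS]},
    BOB: {"objectClass": ["user"], "memberOf": []},
    RAC_ADMINS: {"objectClass": ["group"], "member": [ALICE], "memberOf": [LAB_ASSOC]},
    # The association object is derived from group: users/groups go in member,
    # RACs (or groups of RACs) in dellProductMembers, privileges in dellPrivilegeMember.
    LAB_ASSOC: {
        "objectClass": ["group", "dellAssociationObject"],
        "member": [RAC_ADMINS],
        "dellProductMembers": [LAB_RACS],
        "dellPrivilegeMember": [LAB_PRIV],
    },
    LAB_RACS: {"objectClass": ["group"], "member": [RAC01]},
    RAC01: {"objectClass": ["dellRacDevice"], "memberOf": [LAB_RACS]},
    RAC99: {"objectClass": ["dellRacDevice"], "memberOf": []},
    LAB_PRIV: {
        "objectClass": ["dellPrivileges"],
        "dellIsLoginUser": ["TRUE"],
        "dellIsCardConfigAdmin": ["TRUE"],
        "dellIsUserConfigAdmin": ["FALSE"],
    },
}


def containing_groups(dn: str, directory: Directory) -> Set[str]:
    """Every group dn belongs to, directly or through nesting (follows memberOf)."""
    seen: Set[str] = set()
    stack = [dn]
    while stack:
        for parent in directory.get(stack.pop(), {}).get("memberOf", []):
            if parent not in seen:  # also guards against membership cycles
                seen.add(parent)
                stack.append(parent)
    return seen


def expand_members(dn: str, directory: Directory) -> Set[str]:
    """dn plus everything reachable from it through member (nested groups of RACs)."""
    seen: Set[str] = set()
    stack = [dn]
    while stack:
        cur = stack.pop()
        if cur not in seen:
            seen.add(cur)
            stack.extend(directory.get(cur, {}).get("member", []))
    return seen


def authorize_extended(user_dn: str, rac_dn: str, directory: Directory) -> Set[str]:
    """Dell-schema walk: user -> groups -> dellAssociationObject -> dellProductMembers.

    Returns the privilege flags set to TRUE on the linked privilege objects, or an
    empty set when no association object ties this user to this RAC. Privileges
    from several matching association objects are unioned (an assumption; the page
    only says that multiple association objects must be taken into account).
    """
    granted: Set[str] = set()
    for assoc_dn in containing_groups(user_dn, directory):
        assoc = directory.get(assoc_dn, {})
        if "dellAssociationObject" not in assoc.get("objectClass", []):
            continue
        # Walk dellProductMembers in the reverse direction (member, not memberOf)
        # so that RACs nested inside groups of RACs are found too.
        products: Set[str] = set()
        for product in assoc.get("dellProductMembers", []):
            products |= expand_members(product, directory)
        if rac_dn not in products:
            continue  # this association object does not cover the requesting RAC
        for priv_dn in assoc.get("dellPrivilegeMember", []):
            for attr, values in directory.get(priv_dn, {}).items():
                if attr.startswith("dellIs") and values == ["TRUE"]:
                    granted.add(attr)
    return granted


# Constructed per-card configuration for the standard-schema mode: each DRAC maps a
# role group DN to the privileges it grants locally, so the same AD group can mean
# different things on different cards. Privilege names here are illustrative.
RAC_ROLE_GROUPS: Dict[str, Dict[str, Set[str]]] = {
    "rac-lab01": {RAC_ADMINS: {"login", "configure_rac", "configure_users"}},
    "rac-lab02": {RAC_ADMINS: {"login"}},
}


def authorize_standard(user_dn: str, rac_name: str, directory: Directory,
                       rac_config: Dict[str, Dict[str, Set[str]]]) -> Set[str]:
    """Standard-schema check: AD says who is in the role group, the card says what it may do."""
    groups = containing_groups(user_dn, directory)
    granted: Set[str] = set()
    for role_dn, privileges in rac_config.get(rac_name, {}).items():
        if role_dn in groups:
            granted |= privileges
    return granted


if __name__ == "__main__":
    print("extended, rac-lab01:", sorted(authorize_extended(ALICE, RAC01, DIRECTORY)))
    print("extended, rac-other99:", sorted(authorize_extended(ALICE, RAC99, DIRECTORY)))
    print("standard, rac-lab02:", sorted(authorize_standard(ALICE, "rac-lab02", DIRECTORY, RAC_ROLE_GROUPS)))
```

Both checks return an empty privilege set, rather than raising, when the user is not linked to the requesting RAC, which is the outcome the text describes for a user no association object covers; the caller should treat an empty set as a denied login. The memberOf walk keeps a visited set because nested AD groups can form cycles, and the product walk deliberately follows member rather than memberOf, since a RAC device object lists the groups it is in, not the association objects that reference those groups.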