Users Guide

a. From the Directory Source drop-down menu, select an AD or LDAP source that must be imported for adding groups.
For adding directories, see Add or edit Active Directory groups to be used with Directory Services on page 138.
b. Click Input Credentials.
c. In the dialog box, type the username and password of the domain where the directory is saved. Use tool tips to enter the
correct syntax.
d. Click Finish.
3. In the Available Groups section:
a. In the Find a Group box, enter the initial few letters of the group name available in the tested directory. All the group
names that begin with the entered text are listed under GROUP NAME.
b. Select the check boxes corresponding to the groups to be imported, and then click the >> or << buttons to add or remove
the groups.
4. In the Groups to be Imported section:
a. Select the check boxes of the groups, and then select a role from the Assign Group Role drop-down menu. For more
information about the role-based access, see Role-based OpenManage Enterprise user privileges on page 14.
b. Click Assign.
The users in the group under the selected directory service are assigned the selected user roles.
5. Repeat steps 3 and 4, if necessary.
6. Click Import.
The directory groups are imported and displayed in the Users list. However, all users in those groups will log in to
OpenManage Enterprise by using their domain username and credentials.
It is possible for a domain user, for example john_smith, to be a member of multiple directory groups, and also for those groups
to be assigned different roles. In this case, the user receives the highest-level role among all the directory groups the user is a
member of.
Example 1: The user is a member of three groups with admin, DM, and viewer roles. In this case, the user becomes an
administrator.
Example 2: The user is a member of three DM groups and a viewer group. In this case, the user becomes a DM with
access to the union of device groups across the three DM roles.
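The role-resolution rule above can be checked offline before importing groups, to see which domain users end up with a higher role than one of their groups suggests. The following Python is an added example, not OpenManage Enterprise code: the role ordering is inferred from Examples 1 and 2, and every group name, device group, and user other than john_smith is constructed.

```python
# Added illustration, not OpenManage Enterprise code. The role ordering is
# inferred from the guide's two examples; all group names are constructed.
ROLE_RANK = {"VIEWER": 1, "DM": 2, "ADMIN": 3}

# Constructed sample: imported directory group -> role assigned at import.
GROUP_ROLES = {
    "ome-admins": "ADMIN",
    "dm-rack-a": "DM",
    "dm-rack-b": "DM",
    "dm-rack-c": "DM",
    "ome-readonly": "VIEWER",
}
# Constructed sample: device groups each DM directory group may manage.
DM_SCOPES = {
    "dm-rack-a": {"rack-a"},
    "dm-rack-b": {"rack-b", "shared-storage"},
    "dm-rack-c": {"rack-c", "shared-storage"},
}
# Constructed sample: directory group membership per domain user.
MEMBERSHIPS = {
    "john_smith": ["ome-admins", "dm-rack-a", "ome-readonly"],            # Example 1
    "jane_doe": ["dm-rack-a", "dm-rack-b", "dm-rack-c", "ome-readonly"],  # Example 2
    "sam_lee": ["ome-readonly", "hr-staff"],  # hr-staff was never imported
}

def effective_access(groups, group_roles=GROUP_ROLES, dm_scopes=DM_SCOPES):
    """Return (role, device_scope) a user receives from imported groups."""
    roles = [group_roles[g] for g in groups if g in group_roles]
    if not roles:
        return None, frozenset()  # no imported group grants a role
    role = max(roles, key=ROLE_RANK.__getitem__)
    scope = set()
    if role == "DM":  # the guide describes a scope union only for DM
        for g in groups:
            if group_roles.get(g) == "DM":
                scope |= dm_scopes.get(g, set())
    return role, frozenset(scope)

def elevated_users(memberships=MEMBERSHIPS):
    """Users holding groups with different roles, with the role that wins."""
    flagged = {}
    for user, groups in memberships.items():
        held = {GROUP_ROLES[g] for g in groups if g in GROUP_ROLES}
        if len(held) > 1:
            role, scope = effective_access(groups)
            flagged[user] = (role, sorted(scope))
    return flagged

if __name__ == "__main__":
    for user, result in elevated_users().items():
        print(user, result)
```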
Add or edit Active Directory groups to be used with Directory Services
1. Click Application Settings > Users > Directory Services, and then click Add.
2. In the Connect to Directory Service dialog box, by default, AD is selected to indicate that directory type is Active
Directory (AD):
NOTE: To create an LDAP user group by using Directory Services, see Add or edit Lightweight Directory Access
Protocol groups to be used with Directory Services on page 139.
a. Enter a desired name for the AD directory.
b. Select the Domain Controller Lookup method:
DNS: In the Method box, enter the domain name to query DNS for the domain controllers.
Manual: In the Method box, enter the FQDN or the IP address of the domain controller. For multiple servers, use a
comma-separated list; a maximum of three servers is supported.
c. In the Group Domain box, enter the group domain as suggested in the tool tip syntax.
3. In the Advanced Options section:
a. By default, Global Catalog Address port number 3269 is populated. For the Domain Controller Access, enter 636 as the
port number.
NOTE: Only LDAPS ports are supported.
b. Enter the network timeout and search timeout duration in seconds. The maximum timeout duration supported is 300
seconds.
c. To upload an SSL certificate, select Certificate Validation and click Select a file. The certificate should be a Root CA
Certificate encoded in Base64 format.
The Test connection tab is displayed.
4. Click Test connection.
Managing OpenManage Enterprise appliance settings