Users Guide

Add or edit Lightweight Directory Access Protocol groups to be used with Directory Services
1. Click Application Settings > Users > Directory Services, and then click Add.
2. In the Connect to Directory Service dialog box, select LDAP as the directory type.
NOTE: To create an AD user group by using Directory Services, see Add or edit Active Directory groups to be used
with Directory Services.
a) Enter a desired name for the LDAP directory.
b) Select the Domain Controller Lookup method:
DNS: In the Method box, enter the domain name to query DNS for the domain controllers.
Manual: In the Method box, enter the FQDN or the IP address of the domain controller. To specify multiple servers, use a
comma-separated list. A maximum of three servers is supported.
c) Enter the LDAP Bind Distinguished Name (DN) and password.
NOTE: Anonymous bind is not supported for AD LDS.
3. In the Advanced Options section:
a) By default, the LDAP port number 636 is populated. To change it, enter a different port number.
NOTE: Only LDAPS ports are supported.
b) To match the LDAP configuration on the server, enter the group base DN to search for.
c) Enter the user attributes that are already configured in the LDAP system. It is recommended that the attribute is unique within the
selected Base DN. Otherwise, configure a search filter to ensure that it is unique. If the user DN cannot be uniquely identified by the
combination of attribute and search filter, the login operation fails.
NOTE: The user attributes must be configured in the LDAP system that is queried before it is integrated with Directory Services.
NOTE: Enter the user attribute as cn or sAMAccountName for an AD LDS configuration, and as UID for an LDAP configuration.
d) In the Attribute of Group Membership box, enter the attribute that stores the groups and member information in the directory.
e) Enter the network timeout and search timeout duration in seconds. The maximum timeout duration supported is 300 seconds.
f) To upload an SSL certificate, select Certificate Validation and click Select a file. The certificate should be a Root CA Certificate
encoded in Base64 format.
The Test connection button is enabled.
4. Click Test connection, and then enter the bind user credentials of the domain to be connected to.
NOTE: While testing the connection, ensure that the Test username is the value of the Attribute of User Login entered previously.
5. Click Test connection.
In the Directory Service Information dialog box, a message is displayed to indicate successful connection.
6. Click Ok.
7. Click Finish.
A job is created and run to add the requested directory in the Directory Services list.

To edit a directory service:
1. In the DIRECTORY NAME column, select the directory. The Directory Service properties are displayed in the right pane.
2. Click Edit.
3. In the Connect to Directory Service dialog box, edit the data and click Finish. The data is updated and saved.
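
The uniqueness requirement in step 3c of the add procedure can be checked offline before saving the settings. The following is an added example, not code from OpenManage Enterprise: it models the lookup against a constructed sample directory and shows a login name that matches two DNs until a search filter narrows it to one. The function names, the entries, and the example.com DNs are assumptions, and only a subset of LDAP filter syntax is supported.

```python
# Added example (not vendor code): models step 3c's rule that the user
# attribute plus optional search filter must resolve a login to exactly one DN.
# Supports a subset of LDAP filter syntax: (attr=value), (&...), (|...), (!...).

def _parse(s):
    if len(s) < 2 or s[0] != "(":
        raise ValueError("filter must start with '('")
    if s[1] in "&|!":
        op, rest, kids = s[1], s[2:], []
        while rest.startswith("("):
            kid, rest = _parse(rest)
            kids.append(kid)
        if not rest.startswith(")") or not kids or (op == "!" and len(kids) != 1):
            raise ValueError("malformed %r filter" % op)
        return (op, kids), rest[1:]
    attr, eq, value = s[1:s.index(")")].partition("=")
    if not eq or not attr.strip():
        raise ValueError("expected attr=value")
    return ("=", attr.strip().lower(), value.strip().lower()), s[s.index(")") + 1:]

def parse_filter(text):
    node, rest = _parse(text.strip())
    if rest:
        raise ValueError("trailing text after filter: %r" % rest)
    return node

def matches(node, attrs):
    if node[0] == "=":
        return node[2] in (v.lower() for v in attrs.get(node[1], []))
    results = [matches(kid, attrs) for kid in node[1]]
    if node[0] == "&":
        return all(results)
    return any(results) if node[0] == "|" else not results[0]

def resolve_user_dn(entries, base_dn, user_attr, login, search_filter=None):
    """Return every DN under base_dn that the attribute and filter select."""
    node = ("=", user_attr.lower(), login.lower())
    if search_filter:
        node = ("&", [node, parse_filter(search_filter)])
    suffix = "," + base_dn.lower()  # simplified DN comparison, no normalization
    return [dn for dn, attrs in entries
            if dn.lower().endswith(suffix) and matches(node, attrs)]

# Constructed sample directory (attribute keys lowercased): one uid in two OUs.
ENTRIES = [
    ("uid=jdoe,ou=Engineering,dc=example,dc=com", {"uid": ["jdoe"], "employeetype": ["staff"]}),
    ("uid=jdoe,ou=Contractors,dc=example,dc=com", {"uid": ["jdoe"], "employeetype": ["contractor"]}),
    ("uid=asmith,ou=Engineering,dc=example,dc=com", {"uid": ["asmith"], "employeetype": ["staff"]}),
]

if __name__ == "__main__":
    for flt in (None, "(employeeType=staff)"):
        hits = resolve_user_dn(ENTRIES, "dc=example,dc=com", "uid", "jdoe", flt)
        print(flt, "->", "unique" if len(hits) == 1 else "login would fail", hits)
```

Narrowing the Base DN to a single OU has the same effect as adding the filter in this sample data.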
Set the login security properties
NOTE: To perform any tasks on OpenManage Enterprise, you must have necessary user privileges. See Role-based
OpenManage Enterprise user privileges.
NOTE: AD and LDAP directory users can be imported and assigned one of the OpenManage Enterprise roles (Admin,
DeviceManager, or Viewer).
To secure OpenManage Enterprise, click OpenManage Enterprise > Application Settings > Security, and then specify either the
Restrict Allowed IP Range or the Login Lockout Policy.
Managing OpenManage Enterprise appliance settings