Users Guide

Table 27. OpenManage Enterprise Pre-requisites/supported attributes for LDAP Integration (continued)

            Attribute of User Login   Attribute of Group Membership   Certificate Requirement
                                                                      Only Base64 certificate format is supported
OpenLDAP    uid, sn                   Uniquemember                    Only PEM certificate format is supported
PHP LDAP    uid                       MemberUid

User pre-requisites for directory service integration
You must ensure that the following user pre-requisites are met before you begin with the directory service integration:
1. BindDN user and user used for 'Test connection' should be the same.
2. If Attribute of User Login is provided, only the corresponding username value assigned to the attribute is allowed for appliance login.
3. User used for Test connection should be part of any non-default group in LDAP.
4. Attribute of Group Membership should have either the 'userDN' or the short name (used for logging in) of the user.
5. When MemberUid is used as 'Attribute of Group Membership,' the username used in appliance login will be considered case sensitive in some LDAP configurations.
6. When search filter is used in LDAP configuration, user login is not allowed for those users who are not part of the search criteria mentioned.
7. Group search will work only if the groups have users assigned under the provided Attribute of Group Membership.
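A pre-flight check for pre-requisites 3, 4, 5 and 7 above, run over group entries exported from the directory before the connection is configured. This is an added example, not OpenManage Enterprise code: the group DNs, user names and function names are constructed, and treating MemberUid as always case sensitive is an assumption that covers the strictest configuration.

```python
# Constructed sample: group entries as an LDAP search would return them
# (attribute name -> list of values). Not taken from a real directory.
GROUPS = {
    "cn=ome-admins,ou=groups,dc=example,dc=com": {
        "uniqueMember": ["uid=jdoe,ou=people,dc=example,dc=com"]},
    "cn=ome-viewers,ou=groups,dc=example,dc=com": {"memberUid": ["JSmith"]},
    "cn=empty,ou=groups,dc=example,dc=com": {},
}

def _attr(entry, name):
    """Return the values of an attribute; LDAP attribute names ignore case."""
    for key, values in entry.items():
        if key.lower() == name.lower():
            return values
    return []

def _norm_dn(dn):
    # Simplified DN normalisation: lower-case, no spaces around the commas.
    return ",".join(part.strip().lower() for part in dn.split(","))

def groups_for_user(groups, member_attr, user_dn, short_name):
    """Groups that list the user under member_attr, by userDN or by the
    short login name (pre-requisite 4). An empty result for the
    'Test connection' user means pre-requisite 3 is not met."""
    # Assumption: MemberUid values are compared case-sensitively, the
    # strictest behaviour pre-requisite 5 allows for.
    strict = member_attr.lower() == "memberuid"
    found = []
    for dn, entry in groups.items():
        for value in _attr(entry, member_attr):
            if "=" in value:                      # value is a userDN
                hit = _norm_dn(value) == _norm_dn(user_dn)
            elif strict:                          # short name, exact case
                hit = value == short_name
            else:                                 # short name, any case
                hit = value.lower() == short_name.lower()
            if hit:
                found.append(dn)
                break
    return found

def searchable_groups(groups, member_attr):
    """Groups with at least one user under member_attr (pre-requisite 7)."""
    return [dn for dn, entry in groups.items() if _attr(entry, member_attr)]

if __name__ == "__main__":
    print(groups_for_user(GROUPS, "memberUid", "", "jsmith"))  # wrong case
    print(searchable_groups(GROUPS, "uniqueMember"))
```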
NOTE: If the OpenManage Enterprise is hosted on an IPv6 network, the SSL authentication against domain controller using FQDN would fail if IPv4 is set as preferred address in DNS. To avoid this failure, do one of the following:
• DNS should be set to return IPv6 as preferred address when queried with FQDN.
• DC certificate needs to have IPv6 in SAN field.
To use the Directory Services:
• Add a directory connection. See Add or edit Active Directory groups to be used with Directory Services on page 135.
• Import directory groups and map all users in the group to a specific role. See Import AD and LDAP groups on page 134.
• For DM users, edit the directory group to add the groups the DM can manage. See Add and edit OpenManage Enterprise users on page 132.
Import AD and LDAP groups
NOTE: The users without Administrator rights cannot enable or disable the Active Directory (AD) and Lightweight Directory Access Protocol (LDAP) users.
NOTE: Before importing AD groups in OpenManage Enterprise, you must include the user groups in a UNIVERSAL GROUP while configuring the AD.
1. Click Import Directory Group.
2. In the Import Active Directory dialog box:
a. From the Directory Source drop-down menu, select an AD or LDAP source that must be imported for adding groups. For adding directories, see Add or edit Active Directory groups to be used with Directory Services on page 135.
b. Click Input Credentials.
c. In the dialog box, type the username and password of the domain where the directory is saved. Use tool tips to enter the correct syntax.
d. Click Finish.
3. In the Available Groups section:
a. In the Find a Group box, enter the initial few letters of the group name available in the tested directory. All the group names that begin with the entered text are listed under GROUP NAME.
134
Managing OpenManage Enterprise appliance settings