Users Guide

180 Using the iDRAC6 Directory Service
Login Syntax (Directory User versus Local User)
Unlike Active Directory, special characters ("@", "\", and "/") are not used to
differentiate an LDAP user from a local user. The user logging in should enter
only the user name, excluding the domain name. iDRAC6 takes the user name as
is and does not break it down into a user name and a user domain. When
generic LDAP is enabled, iDRAC6 first tries to log in the user as a directory
user. If it fails, local user lookup is enabled.
NOTE: There is no behavior change on the Active Directory login syntax. When
generic LDAP is enabled, the GUI login page displays only "This iDRAC" in the
drop-down menu.
NOTE: "<" and ">" characters are not allowed in the user name for OpenLDAP and
OpenDS based directory services.
Configuring Generic LDAP Directory Service Using the iDRAC6 Web-Based Interface
1. Open a supported Web browser window.
2. Log in to the iDRAC6 Web-based interface.
3. Expand the System tree and click Remote Access.
4. Click the Network/Security tab, then the Directory Service tab, then
   Generic LDAP Directory Service.
5. The Generic LDAP Configuration and Management page displays the
   current iDRAC6 generic LDAP settings. Scroll to the bottom of the
   Generic LDAP Configuration and Management page, and click
   Configure Generic LDAP.
   NOTE: In this release, only Standard Schema Active Directory (SSAD)
   without extensions is supported.
   The Step 1 of 3 Generic LDAP Configuration and Management page is
   displayed. Use this page to configure the digital certificate used during
   initiation of SSL connections when communicating with a generic LDAP
   server. These communications use LDAP over SSL (LDAPS). If you enable
   certificate validation, upload the certificate of the Certificate Authority
   (CA) that issued the certificate used by the LDAP server during initiation
   of SSL connections. The CA's certificate is used to validate the
   authenticity of the certificate provided by the LDAP server during SSL
   initiation.
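
The following is an added example, not part of the original guide: a pre-upload check, run on an administrator workstation, that the CA certificate you plan to upload really issued the LDAP server's certificate. It assumes the openssl command-line tool is installed; the function names, the throwaway certificates and the host name are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm a CA certificate validates the LDAPS server
# certificate before uploading that CA certificate to iDRAC6.

# fetch_ldaps_cert HOST:PORT  (e.g. a placeholder such as ldap.example.test:636)
# Prints the certificate the server presents during SSL initiation, as PEM.
fetch_ldaps_cert() {
    openssl s_client -connect "$1" </dev/null 2>/dev/null | openssl x509 -outform PEM
}

# verify_issued_by CA_PEM SERVER_PEM
# Returns 0 only if SERVER_PEM validates against CA_PEM alone. An empty
# -CApath keeps the workstation's own trust store out of the decision,
# since iDRAC6 will only have the uploaded CA certificate to go on.
verify_issued_by() {
    empty=$(mktemp -d) || return 2
    rc=0
    openssl verify -CAfile "$1" -CApath "$empty" "$2" >/dev/null 2>&1 || rc=$?
    rmdir "$empty"
    return "$rc"
}

# make_demo_pki DIR
# Constructed sample data: two unrelated self-signed CAs and one server
# certificate issued by the first CA only.
make_demo_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Other CA" \
        -keyout "$d/other.key" -out "$d/other.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=ldap.example.test" \
        -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/srv.pem" 2>/dev/null
}

# Offline demonstration on the constructed certificates.
demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir"
verify_issued_by "$demo_dir/ca.pem" "$demo_dir/srv.pem" &&
    echo "ca.pem issued the server certificate: upload this one"
verify_issued_by "$demo_dir/other.pem" "$demo_dir/srv.pem" ||
    echo "other.pem did not issue it: validation would fail with this CA"
rm -rf "$demo_dir"
```

Against a live directory server, save the output of fetch_ldaps_cert to a file and pass it as the second argument to verify_issued_by.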