Reference Guide
cfgLdapRoleGroup
This group allows the user to configure role groups for LDAP.
This group configures Generic LDAP Role group descriptions and defines the privileges that LDAP-
authenticated users are granted.
Use this object with the config or getconfig subcommands.
To use this object property, you must have the Chassis Configuration Administrator privilege.
NOTE: You can configure a setting that does not have the hash sign (#) prefixed in the output. To
modify a configurable object, use the —o option.
cfgLDAPRoleGroup is indexed, containing instances numbered from 1 to 5. Each object instance
consists of a pair of properties:
• cfgLDAPRoleGroupDN — an LDAP distinguished name (DN)
• cfgLDAPRoleGroupPrivilege — a CMC privilege map
Each LDAP-authenticated user assumes the total set of CMC privileges assigned to the matching LDAP
distinguished names that the user belongs to. That is, if the user belongs to multiple role group DNs, the
user receives all associated privileges for that DNs.
The following sections provide information about the objects in the cfgLdapRoleGroup.
cfgLDAPRoleGroupIndex (Read Only)
Description It is the index value of the Role Group Object.
Legal Values
An integer between 1 and 5
Default
<instance>
cfgLdapRoleGroupDN (Read or Write)
Description It is the Domain Name of the group in this index.
Configures the LDAP distinguished name (DN) for the role group instance.
Legal Values
String. Maximum length = 1024
Default
None
Example
racadm getconfig -g cfgLDAPRoleGroup -o cfgLDAPRoleGroupDN
-i 1 cn=everyone,ou=groups,dc=openldap,dc=com
169