User's Manual
Typical Setup for Active Directory Objects
You can create as many or as few Association Objects as you want or need. However, you must create at least one Association Object, and you must have one RAC Device Object for each RAC (DRAC 4) on the network that you want to integrate with Active Directory for authentication and authorization. An Association Object can contain as many or as few users and/or groups, and as many or as few RAC Device Objects, as you need. However, each Association Object contains only one Privilege Object. The Association Object connects the "Users" who have "Privileges" on the RACs (DRAC 4s).
In addition, you can set up Active Directory objects in a single domain or in multiple domains. For example, suppose you have two DRAC 4 cards (RAC1 and RAC2) and three existing Active Directory users (user1, user2, and user3). You want to give user1 and user2 an administrator privilege on both DRAC 4 cards and give user3 a login privilege on the RAC2 card. Figure 5-2 shows how you set up the Active Directory objects in this scenario.
Figure 5-2. Setting Up Active Directory Objects in a Single Domain
To set up the objects for the single domain scenario, perform the following tasks:
1. Create two Association Objects.
2. Create two RAC Device Objects, RAC1 and RAC2, to represent the two DRAC 4 cards.
3. Create two Privilege Objects, Priv1 and Priv2, in which Priv1 has all privileges (administrator) and Priv2 has login privileges.
4. Group user1 and user2 into Group1.
5. Add Group1 as Members in Association Object 1 (AO1), Priv1 as Privilege Objects in AO1, and RAC1, RAC2 as RAC Devices in AO1.
6. Add user3 as Members in Association Object 2 (AO2), Priv2 as Privilege Objects in AO2, and RAC2 as RAC Devices in AO2.
See "Adding DRAC 4 Users and Privileges to Active Directory" for detailed instructions.
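The single-domain setup above can be checked before it is committed to the directory by resolving which Privilege Objects reach each user on each RAC. The following is an added example, not code from this manual or from Dell: the data model and the names effective_access and audit are hypothetical, group membership is assumed to be one level deep, and the sample data is constructed from the scenario in the text.

```python
from dataclasses import dataclass

# Constructed sample data mirroring the single-domain scenario in the text.
# Priv1 = all privileges (administrator), Priv2 = login privileges.
GROUPS = {"Group1": {"user1", "user2"}}

@dataclass(frozen=True)
class AssociationObject:          # hypothetical model, not the AD schema itself
    name: str
    members: frozenset            # users and/or groups
    privilege: str                # exactly one Privilege Object per Association Object
    rac_devices: frozenset        # RAC Device Objects

ASSOCIATIONS = [
    AssociationObject("AO1", frozenset({"Group1"}), "Priv1", frozenset({"RAC1", "RAC2"})),
    AssociationObject("AO2", frozenset({"user3"}), "Priv2", frozenset({"RAC2"})),
]

# Intended grants, as stated in the scenario.
EXPECTED = {
    ("user1", "RAC1"): {"Priv1"}, ("user1", "RAC2"): {"Priv1"},
    ("user2", "RAC1"): {"Priv1"}, ("user2", "RAC2"): {"Priv1"},
    ("user3", "RAC2"): {"Priv2"},
}

def expand_members(members, groups):
    """Replace each group name with its users; plain user names pass through."""
    users = set()
    for member in members:
        users |= groups.get(member, {member})
    return users

def effective_access(associations, groups):
    """Map (user, rac) -> set of Privilege Object names that reach that pair."""
    access = {}
    for ao in associations:
        for user in expand_members(ao.members, groups):
            for rac in ao.rac_devices:
                access.setdefault((user, rac), set()).add(ao.privilege)
    return access

def audit(associations, groups, expected):
    """Return the (user, rac) pairs whose resolved privileges differ from intent."""
    actual = effective_access(associations, groups)
    pairs = set(actual) | set(expected)
    return sorted(p for p in pairs if actual.get(p, set()) != expected.get(p, set()))

if __name__ == "__main__":
    for pair, privs in sorted(effective_access(ASSOCIATIONS, GROUPS).items()):
        print(pair, sorted(privs))
    print("mismatches:", audit(ASSOCIATIONS, GROUPS, EXPECTED))
```

The check lists every Privilege Object that reaches a user/RAC pair rather than merging them, so it does not assume how the DRAC 4 combines several Privilege Objects for one user.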
Figure 5-3 shows how you set up the Active Directory objects in multiple domains. In this scenario, you have two DRAC 4 cards (RAC1 and RAC2) and three existing Active Directory users (user1, user2, and user3). User1 is in Domain1, and user2 and user3 are in Domain2. You want to give user1 and user2 an administrator privilege on both DRAC 4 cards and give user3 a login privilege on the RAC2 card.
Figure 5-3.