Deployment Guide
represents the system. The Association Object links it with users and privileges. You can create as many
Association Objects as you need.
Each Association Object can be linked to as many users, groups of users, and Product Objects as
required. The users and Product Objects can be from any domain. However, each Association Object
may only link to one Privilege Object. This behavior allows an administrator to control users and their
rights on specific systems.
The Product Object links the system to Active Directory for authentication and authorization queries.
When a system is added to the network, the administrator must configure the system and its product
object with its Active Directory name so that users can perform authentication and authorization with
Active Directory. The administrator must also add the system to at least one Association Object for users
to authenticate.
The following figure illustrates that the Association Object provides the connection that is needed for all
of the authentication and authorization.
Figure 1. Typical Setup for Active Directory Objects
In addition, you can set up Active Directory objects in a single domain or in multiple domains. Setting up
objects in a single domain does not vary, whether you are setting up RAC or Server Administrator
objects. When multiple domains are involved, however, there are some differences.
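
The linking rules described above (an Association Object ties users, groups of users, and Product Objects to exactly one Privilege Object, and a system must be in at least one Association Object before users can authenticate) can be checked against an inventory of the objects. The following is an added example, not part of the original guide and not the vendor's schema: every object name and the dictionary layout are constructed, and skipping an Association Object that links more than one Privilege Object is a choice made for this example.

```python
# Added illustration: a plain-data model of the object relationships.
# All names and the dict layout are constructed sample data, not real schema attributes.
from collections import defaultdict

GROUPS = {"grp-dc-admins": {"alice", "bob"}}       # group -> member users
PRODUCTS = {"rac-01", "rac-02", "srv-admin-01"}    # one Product Object per system

ASSOCIATIONS = {
    "assoc-admins": {"members": {"grp-dc-admins"},
                     "products": {"rac-01", "rac-02"},
                     "privileges": ["priv-admin"]},
    "assoc-readonly": {"members": {"carol"},
                       "products": {"rac-01"},
                       "privileges": ["priv-guest"]},
    # Misconfigured on purpose: two Privilege Objects on one Association Object.
    "assoc-broken": {"members": {"dave"},
                     "products": {"rac-02"},
                     "privileges": ["priv-admin", "priv-guest"]},
}


def expand_members(members):
    """Resolve users and groups of users into a flat set of user names."""
    users = set()
    for member in members:
        users |= GROUPS.get(member, {member})
    return users


def audit(associations, products):
    """Return (access, findings).

    access maps (user, product) -> set of (association, privilege object).
    findings lists violations of the linking rules.
    """
    access, findings, linked = defaultdict(set), [], set()
    for name, assoc in sorted(associations.items()):
        privs = assoc["privileges"]
        if len(privs) != 1:
            findings.append(f"{name}: links {len(privs)} Privilege Objects, expected exactly 1")
            continue  # assumption of this example: ignore an invalid association
        linked |= assoc["products"]
        for user in expand_members(assoc["members"]):
            for product in assoc["products"]:
                access[(user, product)].add((name, privs[0]))
    for product in sorted(products - linked):
        findings.append(f"{product}: in no valid Association Object, users cannot authenticate")
    return dict(access), findings
```

Calling `audit(ASSOCIATIONS, PRODUCTS)` returns the per-user, per-system view an administrator would review, plus the two rule violations in the sample data.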