User Guide
Appendix C: External Authentication and Authorization
Lightweight Directory Access Protocol (LDAP) is a vendor-independent protocol standard used for accessing,
querying and updating a directory using TCP/IP. Based on the X.500 Directory Services model, LDAP is a
global directory structure that supports strong security features including authentication, privacy and integrity.
If individual user accounts are stored on an LDAP-enabled directory service, of which there are several to choose
from, you can use the directory service to authenticate users.
To create an external instance, you must have administrator credentials in Data Center Planner.
Prerequisites
• An external Authentication Source (Active Directory Domain, LDAP Server) must be configured and
available.
• A user account for creating the instance that can log into the external authentication server.
• The Avocent server must be installed.
• The external authentication server must be reachable (by ping or DNS resolution) from the Avocent server.
To add an authentication type:
1. Launch the application and log in as an administrator.
2. Select User management from the bottom menu.
3. Select Authentication from the top menu.
4. In the Actions/Authentication pane, click New. The Authentication service dialog opens.
5. Select Authentication type from the drop-down list.
6. Enter the applicable information as referenced in the table below.
7. Click OK.
8. The authentication type is added to the Authentication service table.
| Authorization Type | Field | Description |
|---|---|---|
| AD/LDAP | Instance name | The name by which the instance will be identified in the Available authentication instances pane and in the login dialogs in the authentication source drop-down list. The entry field is limited to AD domain naming conventions. This is a required field. |
| AD/LDAP | Domain name | The name of the domain against which you will allow users to authenticate. This field supports dot-delimited domain names. Users must exist in this domain to authenticate in the Avocent console. You do not need to add AD users to the Avocent Management Platform. You may simply point them to an authentication instance and the instance will manage the authentication for them. This is a required field. |
| AD | User container | The location in the AD domain containing the user accounts. You may fill in this field to direct the authentication instance to use this location for user accounts. If the field is left blank, the default behavior is for the authentication instance to look for user accounts beginning at the root of the tree. |
| AD | Group container | Similar to the User container. The location in the AD domain containing the group accounts. You may fill in this field to direct the authentication instance to use this location for group accounts. If the field is left blank, the default behavior is for the authentication instance to look for group accounts beginning at the root of the tree. |
Table C.1: Authorization Type and Descriptions
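The following added example (not taken from the product or its documentation) shows how the Domain name and AD User container fields in Table C.1 bound which accounts fall inside the search scope, including the blank-container default that starts at the root of the tree. It assumes the container is entered either as a full DN or as a DN relative to the domain; the function names and the sample directory entries are constructed for illustration.

```python
import re

def domain_to_dn(domain):
    """Map a dot-delimited domain name to its directory root DN."""
    labels = domain.strip().strip(".").split(".")
    if not all(re.fullmatch(r"[A-Za-z0-9-]+", label) for label in labels):
        raise ValueError(f"not a dot-delimited domain name: {domain!r}")
    return ",".join(f"DC={label}" for label in labels)

def split_dn(dn):
    """Split a DN into lower-cased (attribute, value) RDNs; an escaped comma does not split."""
    rdns, cur, escaped = [], "", False
    for ch in dn:
        if escaped or ch != ",":
            cur += ch
            escaped = (ch == "\\") and not escaped
        else:
            rdns.append(cur)
            cur = ""
    rdns.append(cur)
    return [tuple(p.strip().lower() for p in r.split("=", 1)) for r in rdns]

def in_scope(entry_dn, base_dn):
    """True if entry_dn sits at or below base_dn."""
    entry, base = split_dn(entry_dn), split_dn(base_dn)
    return len(entry) >= len(base) and entry[len(entry) - len(base):] == base

def search_base(domain, container=""):
    """Effective search base: the container if given, else the root of the tree."""
    root = domain_to_dn(domain)
    if not container.strip():
        return root                       # blank field: search starts at the root
    if in_scope(container, root):
        return container.strip()          # container already given as a full DN
    return f"{container.strip()},{root}"  # assumption: container relative to the domain

def accounts_in_scope(domain, container, accounts):
    """Return the account DNs that lie under the effective search base."""
    base = search_base(domain, container)
    return [dn for dn in accounts if in_scope(dn, base)]

# Constructed sample accounts (not from the product or any real directory).
SAMPLE_ACCOUNTS = [
    "CN=Alice Admin,OU=Staff,DC=corp,DC=example,DC=com",
    "CN=Smith\\, Bob,OU=Staff,DC=corp,DC=example,DC=com",
    "CN=svc-backup,OU=Service Accounts,DC=corp,DC=example,DC=com",
]
```

With the container left blank, all three sample accounts, including the service account, are in scope; setting it to OU=Staff narrows the scope to the two staff entries.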