User guide
RacDevice, from which we are authenticating, is part of this attribute. Note that the
dellProductMembers can be groups of RACs and will retain the aforementioned member-memberOf
relationship. So, we will walk the list using the Member attribute for all of the groups that are in the list.
If we find the name of the RAC Device that we are authenticating in the list, then we have authenticated
the user and all we need to do is read the dellPrivilegeObject attributes and return them to the RAC as
the authorization data (Privileges).
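
The walk described above, as an added example (not Dell's code) in Python over a constructed in-memory directory. It assumes the user's association objects are already resolved; the "privileges" key and every DN are hypothetical sample data. A visited set keeps the walk finite when groups of RACs contain each other.

```python
# Constructed stand-in for the directory: lowercase DN -> attributes.
# dellProductMembers and member are the attributes named in the text;
# the "privileges" key and every DN below are hypothetical sample data.
DIRECTORY = {
    "cn=assoc-admins": {"dellProductMembers": ["cn=racs-lab"],
                        "privileges": {"login", "configure"}},
    "cn=assoc-readers": {"dellProductMembers": ["cn=rac2"],
                         "privileges": {"login"}},
    # Two groups that list each other: a membership cycle.
    "cn=racs-lab": {"member": ["cn=racs-rack1"]},
    "cn=racs-rack1": {"member": ["cn=racs-lab", "cn=rac1"]},
    "cn=rac1": {},
    "cn=rac2": {},
}


def contains_device(directory, members, device_dn, seen=None):
    """Depth-first walk of nested member lists looking for device_dn."""
    seen = set() if seen is None else seen
    target = device_dn.lower()
    for dn in members:
        key = dn.lower()
        if key == target:
            return True
        if key in seen:
            continue  # already expanded; stops loops on cyclic groups
        seen.add(key)
        nested = directory.get(key, {}).get("member", [])
        if contains_device(directory, nested, target, seen):
            return True
    return False


def privileges_for_device(directory, association_dns, device_dn):
    """Privileges from each of the user's associations that covers the device.

    Assumption: privileges from several matching associations are combined.
    """
    granted = set()
    for assoc in association_dns:
        entry = directory.get(assoc.lower(), {})
        products = entry.get("dellProductMembers", [])
        if contains_device(directory, products, device_dn):
            granted |= entry.get("privileges", set())
    return granted


if __name__ == "__main__":
    user_assocs = ["cn=assoc-admins", "cn=assoc-readers"]
    for rac in ("cn=rac1", "cn=rac2", "cn=rac3"):
        print(rac, sorted(privileges_for_device(DIRECTORY, user_assocs, rac)))
```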
Active Directory Standard Schema
This requires iDRAC6 version 1.20 or later. The schema-extending solution provides maximum flexibility
to the user but may be intimidating to some customers because the schema extension is not reversible.
To meet the requirements of those customers who do not want to extend their existing Active
Directory schema, Dell provides a standard schema solution in addition to the schema extension. This
solution provides the same flexibility as the current schema-extending solution and allows
granting different users different privileges on iDRAC6. The difference is that all the objects used in the
standard schema solution are standard Active Directory objects, while the schema-extending solution
adds Dell objects to the users’ Active Directory. The basic authentication and SSL connection are the
same as they are with the Dell schema extension solution.
Instead of using the Dell Association object, Dell privilege object, and RAC device object to link a user, a
standard group object is used as a role group object. Any user in that role group has the assigned
privileges on certain iDRAC6 cards. The privileges of that role group are defined in each individual
iDRAC6 configuration database, as illustrated in Figure 4. Different iDRAC6 cards can give the same role
group object different privileges.
Figure 4 Active Directory Configuration Database