Configuring generic ldap users – Dell POWEREDGE M1000E User Manual


Optional: If you want to specify an LDAP or Global Catalog server instead of using the servers returned by the DNS
server to search for a user name, type the following command to enable the Specify Server option:
racadm config -g cfgActiveDirectory -o cfgADSpecifyServerEnable 1

NOTE: When you use the Specify Server option, the host name in the certificate authority-signed certificate is
not matched against the name of the specified server. This is particularly useful if you are a CMC
administrator, because it enables you to enter a host name as well as an IP address.

After you enable the Specify Server option, you can specify an LDAP server and global catalog with IP addresses
or fully qualified domain names (FQDNs) of the servers. The FQDNs consist of the host names and the domain
names of the servers.
To specify an LDAP server, type:
racadm config -g cfgActiveDirectory -o cfgADDomainController <AD domain controller IP address>

To specify a Global Catalog server, type:
racadm config -g cfgActiveDirectory -o cfgADGlobalCatalog <AD global catalog IP address>

NOTE: Setting the IP address as 0.0.0.0 disables CMC from searching for a server.

NOTE: You can specify a list of LDAP or global catalog servers separated by commas. CMC allows you to
specify up to three IP addresses or host names.

NOTE: LDAP or LDAPS that is not correctly configured for all domains and applications may produce
unexpected results in the functioning of the existing applications and domains.

2. Specify a DNS server using one of the following options:

– If DHCP is enabled on CMC and you want to use the DNS address obtained automatically by the DHCP server,
type the following command:
racadm config -g cfgLanNetworking -o cfgDNSServersFromDHCP 1

– If DHCP is disabled on CMC, or if DHCP is enabled but you want to specify your DNS IP address manually, type
the following commands:
racadm config -g cfgLanNetworking -o cfgDNSServersFromDHCP 0
racadm config -g cfgLanNetworking -o cfgDNSServer1 <primary DNS IP address>
racadm config -g cfgLanNetworking -o cfgDNSServer2 <secondary DNS IP address>

The Extended Schema feature configuration is complete.
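
The following script is an added example, not part of the Dell manual: it checks a domain controller list and a global catalog list against the limits in the notes above (comma-separated, at most three entries) and prints the Specify Server commands from this page for review. The function names check_server_list and build_specify_server_cmds and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the Dell manual): prints the Specify Server commands
# from this page after validating the server lists. Nothing is sent to a CMC.

# check_server_list LIST: succeeds when LIST holds one to three comma-separated,
# non-empty entries made only of characters used in IP addresses or host names.
check_server_list() {
    list=$1
    case $list in
        ''|,*|*,|*,,*) return 1 ;;        # empty list or empty entry
        *[!A-Za-z0-9.,-]*) return 1 ;;    # spaces, quotes, shell metacharacters
    esac
    commas=$(printf '%s' "$list" | tr -cd ',')
    [ "${#commas}" -le 2 ]                # at most three entries
}

# build_specify_server_cmds DC_LIST GC_LIST: prints the three racadm commands,
# or fails without printing any command if either list is invalid.
build_specify_server_cmds() {
    dc=$1
    gc=$2
    for entry in "$dc" "$gc"; do
        if ! check_server_list "$entry"; then
            echo "invalid server list: '$entry'" >&2
            return 1
        fi
        case ",$entry," in
            *,0.0.0.0,*) echo "note: 0.0.0.0 disables the CMC server search" >&2 ;;
        esac
    done
    echo "racadm config -g cfgActiveDirectory -o cfgADSpecifyServerEnable 1"
    echo "racadm config -g cfgActiveDirectory -o cfgADDomainController $dc"
    echo "racadm config -g cfgActiveDirectory -o cfgADGlobalCatalog $gc"
}

# Constructed sample values (documentation address range, made-up host name).
build_specify_server_cmds "dc01.example.test,192.0.2.10" "192.0.2.20"
```

The script only prints the commands; run them on the CMC after checking the output.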

Configuring Generic LDAP Users

CMC provides a generic solution to support Lightweight Directory Access Protocol (LDAP)-based authentication. This
feature does not require any schema extension on your directory services.
A CMC administrator can now integrate the LDAP server user logins with CMC. This integration requires configuration
on both LDAP server and CMC. On the LDAP server, a standard group object is used as a role group. A user who has
CMC access becomes a member of the role group. Privileges are still stored on CMC for authorization, in the same
way as in the Standard Schema setup with Active Directory support.
To enable the LDAP user to access a specific CMC card, the role group name and its domain name must be configured
on the specific CMC card. You can configure a maximum of five role groups in each CMC. A user has the option to be
