Appendix b updating the ldap/ldaps schema – Raritan Computer DOMINION KSX II User Manual
Page 305
295
IMPORTANT: The procedures in this chapter should be attempted
only by experienced users.
In This Chapter
Returning User Group Information ........................................................ 295
Setting the Registry to Permit Write Operations to the Schema ........... 296
Creating a New Attribute ....................................................................... 296
Adding Attributes to the Class ............................................................... 297
Updating the Schema Cache................................................................. 299
Editing rciusergroup Attributes for User Members ................................ 299
Returning User Group Information
Use the information in this section to return User Group information (and
assist with authorization) once authentication is successful.
From LDAP/LDAPS
When an LDAP/LDAPS authentication is successful, the KSX II
determines the permissions for a given user based on the permissions of
the user's group. Your remote LDAP server can provide these user group
names by returning an attribute named as follows:
rciusergroup
attribute type: string
This may require a schema extension on your LDAP/LDAPS server.
Consult your authentication server administrator to enable this attribute.
In addition, for Microsoft
®
Active Directory
®
, the standard LDAP
memberOf is used.
From Microsoft Active Directory
Note: This should be attempted only by an experienced Active Directory
®
administrator.
Returning user group information from Microsoft's
®
Active Directory for
Windows 2000
®
operating system server requires updating the
LDAP/LDAPS schema. See your Microsoft documentation for details.
1. Install the schema plug-in for Active Directory. See Microsoft Active
Directory documentation for instructions.
2. Run Active Directory Console and select Active Directory Schema.
Appendix B Updating the LDAP/LDAPS Schema