Updating the ldap schema, Returning user group information, From ldap – Raritan Computer DOMINION KX II DKX2-0E-E User Manual

197

Note: The procedures in this chapter should be attempted only by experienced
users.

In This Chapter

Returning User Group Information ............................................................197
Setting the Registry to Permit Write Operations to the Schema .............198
Creating a New Attribute .............................................................................198
Adding Attributes to the Class ....................................................................199
Updating the Schema Cache ........................................................................201
Editing rciusergroup Attributes for User Members..................................201

Returning User Group Information

Use the information in this chapter to return User Group information
(and assist with authorization) once authentication is successful.

From LDAP

When an LDAP authentication is successful, Dominion KX II determines
the permissions for a given user based on the permissions of the user's
group. Your remote LDAP server can provide these user group names
by returning an attribute named as follows:

rciusergroup

attribute type: string

This may require a schema extension on your LDAP server. Consult your
authentication server administrator to enable this attribute.

In addition, the standard LDAP memberOf is used.

From Microsoft Active Directory

Note: This should be attempted only by an experienced Active Directory
administrator.

Returning user group information from Microsoft's Active Directory for
Windows 2000 Server requires updating the LDAP schema. Refer to your
Microsoft documentation for more detail.

1. Install the schema plug-in for Active Directory - refer to Microsoft

Active Directory documentation for instructions.

2. Run Active Directory Console and select Active Directory Schema.

Appendix B Updating the LDAP Schema