Dell POWEREDGE M1000E User Manual

Page 143


added to multiple groups within the directory service. If a user is a member of multiple groups, then the user obtains the
privileges of all their groups.
For information about the privilege levels of the role groups and the default role group settings, see Types of Users.

The following figure illustrates configuration of CMC with Generic LDAP.

Figure 2. Configuration of CMC with Generic LDAP

Configuring the Generic LDAP Directory to Access CMC

The CMC's Generic LDAP implementation uses two phases in granting access to a user—user authentication and then
user authorization.

Authentication of LDAP Users

Some directory servers require a bind before any searches can be performed against a specific LDAP server.
To authenticate a user:

1. Optionally bind to the Directory Service. The default is an anonymous bind.

2. Search for the user based upon their user login. The default attribute is uid.
   If more than one object is found, then the process returns an error.

3. Unbind and perform a bind with the user's DN and password.
   If the bind fails, then the login fails.

If these steps succeed, the user is authenticated.

Authorization of LDAP Users

To authorize a user:

1. Search each configured group for the user's domain name within the member or uniqueMember attributes.

2. Add together the privileges of every group that the user is a member of.
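The two phases above, sketched as an added Python example (not Dell's code and not part of the manual). The in-memory USERS, GROUPS and ROLE_GROUPS data, the privilege names and the function names are constructed for illustration, and group membership is assumed to be matched on the DN returned by the authentication phase.

```python
# Constructed in-memory directory standing in for an LDAP server (sample data).
BASE = "dc=example,dc=com"
USERS = {  # entry DN -> attributes
    f"uid=alice,ou=people,{BASE}": {"uid": "alice", "userPassword": "s3cret"},
    f"uid=carol,ou=people,{BASE}": {"uid": "carol", "userPassword": "pa55"},
    f"uid=bob,ou=people,{BASE}": {"uid": "bob", "userPassword": "hunter2"},
    f"uid=bob,ou=contractors,{BASE}": {"uid": "bob", "userPassword": "other"},
}
GROUPS = {  # group DN -> membership attributes
    f"cn=chassis-admins,{BASE}": {"member": [f"uid=alice,ou=people,{BASE}"]},
    f"cn=power-ops,{BASE}": {"uniqueMember": [f"uid=alice,ou=people,{BASE}"]},
}
# Hypothetical role-group configuration: group DN -> privilege names (constructed).
ROLE_GROUPS = {
    f"cn=chassis-admins,{BASE}": {"login", "configure"},
    f"cn=power-ops,{BASE}": {"login", "power-control"},
}

class LoginError(Exception):
    pass

def authenticate(login, password, attr="uid"):
    """Phase 1: search for the login, then bind as the single matching DN."""
    matches = [dn for dn, entry in USERS.items() if entry.get(attr) == login]
    if len(matches) != 1:  # none found, or ambiguous: more than one object
        raise LoginError(f"search returned {len(matches)} objects")
    if not password:
        # A DN with an empty password is an unauthenticated bind (RFC 4513,
        # section 5.1.2) that a server may accept, so refuse it client-side.
        raise LoginError("empty password")
    if USERS[matches[0]]["userPassword"] != password:  # stand-in for the bind
        raise LoginError("bind failed")
    return matches[0]

def authorize(user_dn):
    """Phase 2: union the privileges of every configured group listing the DN."""
    privileges = set()
    for group_dn, granted in ROLE_GROUPS.items():
        entry = GROUPS.get(group_dn, {})
        if user_dn in entry.get("member", []) + entry.get("uniqueMember", []):
            privileges |= granted
    return privileges

def login(user, password):
    """Return the privilege set on success, or None when authentication fails."""
    try:
        return authorize(authenticate(user, password))
    except LoginError:
        return None
```

In this sketch a user who authenticates but belongs to no configured group receives an empty privilege set, which the caller should treat as no access.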

Configuring Generic LDAP Directory Service Using CMC Web-Based Interface

To configure the generic LDAP directory service:
