Dell KVM 4322DS User Manual

Page 133


LDAP Feature for the RCS


name is "info".

Access control delimiters

The LDAP Standards specify that the semi-colon character (;) is used to
separate multiple properties within a single named attribute. Under normal
circumstances, this need not be changed. For example, suppose we have a dry-
erase-board marker object in the LDAP Directory, and the attribute “Color” is
used to identify colors that this marker might have.

Color: red;blue;green;black;purple

"Color" is the name of the attribute; the rest represents the attribute’s value – in
this case a compound value. With compound values, the semi-colon is the
delimiter used to mark the end of one component and the beginning of the next.

In rare cases, an LDAP Administrator may need the semi-colon to be part of the
value itself. In such instances, the Delimiter character has to be changed to
something else. If so, use this field to specify all of the characters (at least one
character is required; more than one is acceptable) that will identify how the
Access Control Attribute should be divided up. For example, suppose the delimiter
field is set to #$; (three characters):

Color: red#blue$green;black#purple

These delimiters would find the same five value components as in the first
example above. LDAP Administrators should make sure that any characters defined
as Access Control Delimiters do not appear in attribute values elsewhere for any
purpose other than as a delimiter.
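
The splitting rule described above, as an added Python example (not code from the manual or from the RCS firmware). It also checks a list of intended components for delimiter collisions. The function names are hypothetical, and the handling of whitespace and empty components is an assumption, since the manual does not specify either.

```python
# Added example: splitting a compound LDAP attribute value on a configurable
# set of delimiter characters. All function names here are hypothetical.

DEFAULT_DELIMITERS = ";"  # the LDAP-standard separator described in the text


def split_compound(value, delimiters=DEFAULT_DELIMITERS):
    """Split value at every character that appears in delimiters."""
    if not delimiters:
        raise ValueError("at least one delimiter character is required")
    components, current = [], []
    for ch in value:
        if ch in delimiters:
            components.append("".join(current))
            current = []
        else:
            current.append(ch)
    components.append("".join(current))
    # Assumption: surrounding whitespace and empty components are ignored.
    return [c.strip() for c in components if c.strip()]


def unsafe_components(intended, delimiters=DEFAULT_DELIMITERS):
    """Return the intended components that contain a delimiter character.

    Such a component cannot be stored intact: the splitter breaks it into
    pieces, which is the collision the manual warns administrators about.
    """
    return [c for c in intended if any(d in c for d in delimiters)]


def survives_round_trip(intended, delimiters=DEFAULT_DELIMITERS):
    """True if joining and then splitting gives back the intended list."""
    joined = delimiters[0].join(intended)
    return split_compound(joined, delimiters) == list(intended)


if __name__ == "__main__":
    colors = ["red", "blue", "green", "black", "purple"]
    print(split_compound("red;blue;green;black;purple"))
    print(split_compound("red#blue$green;black#purple", "#$;"))
    # Constructed sample: "blue#2" contains a character from the delimiter set.
    sample = ["red", "blue#2", "green"]
    print(unsafe_components(sample, "#$;"))
    print(survives_round_trip(sample, "#$;"))
    print(survives_round_trip(colors, "#$;"))
```

Running a check like unsafe_components over the values an administrator plans to store, before changing the delimiter field, shows which values would be split differently from what was intended.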

As shown above, the Access Control Attribute (ACA) consists of a combination
of a name and a value. By default, we search LDAP Directory entries that match
up the user and the target device, looking for attributes named ‘info’. When
found, the value of such attributes should tell us the user’s authorization level on
that device. If the LDAP Services Administrator wishes to use an attribute
other than info, it may be customized via the field indicated above.

Because users may be members of several groups, and each group may have
differing authorization levels to different devices, a running tally is kept of the
