Ldap Configuration And Microsoft's Active Directory; Example Of The Dictiona.dcm File - HP A7533A - Brocade 4Gb SAN Switch Base Administrator's Manual

HP StorageWorks Fabric OS 6.1.x administrator guide (5697-0234, November 2009)

#######################################################################
# dictiona.dcm
#######################################################################
# Generic Radius
@radius.dct
#
# Specific Implementations (vendor specific)
#
@3comsw.dct
@aat.dct
@acc.dct
@accessbd.dct
@agere.dct
@agns.dct
@airespace.dct
@alcatel.dct
@altiga.dct
@annex.dct
@aptis.dct
@ascend.dct
@ascndvsa.dct
@axc.dct
@brocade.dct
@bandwagn.dct
@brocade.dct <-------
Figure 2 Example of the dictiona.dcm file

c. When selecting items from the Add Return List Attribute, select Brocade-Auth-Role and type the
string Admin. The string will equal the role on the switch.
d. Add the Brocade profile.
5. In RSA Authentication Manager, edit the user records that will be authenticating using RSA
SecurID.

LDAP configuration and Microsoft's Active Directory

LDAP provides user authentication and authorization using Microsoft's Active Directory service in
conjunction with LDAP on the switch. There are two modes of operation in LDAP authentication, FIPS mode
and non-FIPS mode. This section discusses LDAP authentication in non-FIPS mode. For more information on
LDAP in FIPS mode, refer to "Configuring advanced security features" on page 105. The following are
restrictions when using LDAP:
• In Fabric OS 6.1.x and later there will be no password change through Active Directory.
• There is no automatic migration of newly created users from local switch database to Active Directory.
  This is a manual process explained later.
• LDAP authentication is used on the local switch only and not for the entire fabric.

Roles for users can be added through the Microsoft Management Console. Groups created in Active
Directory must correspond directly to the RBAC user roles on the switch. Role assignments can be achieved
by including the user in the respective group. A user can be assigned to multiple groups like Switch Admin
and Security Admin. For LDAP servers, you can use the ldapCfg --maprole <ldap_role name> <switch_role>
command to map an LDAP server role to one of the default roles available on a switch. For more
information on RBAC roles, see "Using Role-Based Access Control (RBAC)" on page 56.

NOTE: All instructions involving Microsoft's Active Directory can be obtained from
www.microsoft.com. Confer with your network administrator prior to configuration for any special
needs your network environment may have.
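
The group-to-role mapping described in this section, as an added example that is not part of the HP guide: a Python helper that sorts Active Directory group names into those that already match a switch role, those that need an ldapCfg --maprole command, and those whose members would get no role. The role list, the high-privilege set, the name filter, the case-insensitive comparison and the sample group names are assumptions.

```python
import re

# ASSUMPTION: default Fabric OS 6.1.x RBAC role names; check them against the
# RBAC section of the guide for your release before relying on this list.
SWITCH_ROLES = {"admin", "basicswitchadmin", "fabricadmin", "operator",
                "securityadmin", "switchadmin", "user", "zoneadmin"}
# ASSUMPTION: roles treated as high-privilege for review purposes.
PRIVILEGED = {"admin", "securityadmin"}
# ASSUMPTION: accept only simple one-token group names so the generated
# command line cannot be split or reinterpreted by the switch CLI.
SAFE_NAME = re.compile(r"^[A-Za-z0-9_-]+$")


def plan_role_mapping(ad_groups, overrides):
    """Classify AD groups and build ldapCfg --maprole commands.

    overrides maps an AD group name to a switch role, for groups whose
    name is not itself a switch role. Returns a dict of four lists.
    """
    plan = {"direct": [], "commands": [], "unmapped": [], "privileged": []}
    for group in ad_groups:
        if not SAFE_NAME.match(group):
            raise ValueError(f"unsafe group name: {group!r}")
        if group.lower() in SWITCH_ROLES:
            # Name already corresponds to a switch role (compared
            # case-insensitively, an assumption): no mapping needed.
            role = group.lower()
            plan["direct"].append(group)
        elif group in overrides:
            role = overrides[group].lower()
            if role not in SWITCH_ROLES:
                raise ValueError(f"{group}: unknown switch role {role!r}")
            plan["commands"].append(f"ldapCfg --maprole {group} {role}")
        else:
            # Members of only this group would get no role on the switch.
            plan["unmapped"].append(group)
            continue
        if role in PRIVILEGED:
            plan["privileged"].append(group)
    return plan


# Constructed sample input (group names are hypothetical).
SAMPLE_GROUPS = ["SwitchAdmin", "SAN-Operators", "SAN-Sec", "Helpdesk"]
SAMPLE_OVERRIDES = {"SAN-Operators": "operator", "SAN-Sec": "securityadmin"}

if __name__ == "__main__":
    for key, value in plan_role_mapping(SAMPLE_GROUPS, SAMPLE_OVERRIDES).items():
        print(key, value)
```

Review the privileged list with the Active Directory owner before applying the commands, since membership in those groups is what grants the highest roles on the switch.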
