Configuring extended schema Active Directory
To configure Active Directory to access CMC:
1.
Extend the Active Directory schema.
2.
Extend the Active Directory Users and Computers Snap-in.
3.
Add CMC users and their privileges to Active Directory.
4.
Enable SSL on each of your domain controllers.
5.
Configure CMC Active Directory properties using CMC web interface or RACADM.
Configuring generic LDAP users
CMC provides a generic solution to support Lightweight Directory Access Protocol (LDAP)-based authentication. This feature does
not require any schema extension on your directory services.
A CMC administrator can now integrate the LDAP server user logins with CMC. This integration requires configuration on both
LDAP server and CMC. On the LDAP server, a standard group object is used as a role group. A user who has CMC access becomes
a member of the role group. Privileges are still stored on CMC for authorization similar to the working of the Standard Schema
setup with Active Directory support.
To enable the LDAP user to access a specific CMC card, the role group name and its domain name must be configured on the
specific CMC card. You can configure a maximum of five role groups in each CMC. A user has the option to be added to multiple
groups within the directory service. If a user is a member of multiple groups, then the user obtains the privileges of all their groups.
Configuring the generic LDAP directory to access CMC
The CMC's Generic LDAP implementation uses two phases in granting access to a user—user authentication, and then the user
authorization.
Configuring generic LDAP directory service using CMC web interface
To configure the generic LDAP directory service:
NOTE: You must have the Chassis Configuration Administrator privilege.
1.
In the left pane, click Chassis Overview → User Authentication → Directory Services.
2.
Select Generic LDAP.
The settings to be configured for standard schema is displayed on the same page.
3.
Specify the following:
NOTE: For information about the various fields, see the
•
Common Settings
•
Server to use with LDAP:
– Static server — Specify the FQDN or IP address and the LDAP port number.
– DNS server — Specify the DNS server to retrieve a list of LDAP servers by searching for their SRV record within the
DNS.
The following DNS query is performed for SRV records:
_[Service Name]._tcp.[Search Domain]
where < Search Domain > is the root level domain to use within the query and < Service Name > is the service
name to use within the query.
For example:
_ldap._tcp.dell.com
where ldap is the service name and dell.com is the search domain.
Online Help .
103