Vertiv Avocent MergePoint Unity Installer/User Manual page 57

The appliance performs two different types of queries. Query Mode (Appliance) is used to authenticate
administrators and users attempting to access the appliance itself. Query Mode (Target Device) is used to
authenticate users that are attempting to access attached target devices. Additionally, each type of
query has three modes that utilize certain types of information to determine whether or not an LDAP user
has access to an appliance or connected target devices. See
on page 52 detailed information on each mode.
You can configure the following settings on the LDAP Query Page:
• The Query Mode (Appliance) parameters determine whether or not a user has access to the
appliance.
• The Query Mode (Target Device) parameters determine whether or not a user has user access
to target devices connected to an appliance. The user does not have access to the appliance,
unless granted by Query Mode (Appliance).
• The Group Container, Group Container Mask and Target Mask fields are only used for group
query modes and are required when performing an appliance or device query.
• The Group Container field specifies the organizational unit (ou) created in Active Directory by
the administrator as the location for group objects.
• Group objects are Active Directory objects that can contain users, computers, contacts
and other groups. Group Container is used when Query Mode is set to Group Attribute.
Each group object, in turn, is assigned members to associate with a particular access level
for member objects (people, appliances and target devices). The access level associated
with a group is configured by setting the value of an attribute in the group object.
• For example, if the Notes property in the group objects list is used to implement the
access control attribute, the Access Control Attribute field on the LDAP Query Page
should be set to info. Setting the Notes property to KVM User Admin causes the members
of that group to have user administration access to the appliances and target devices
that are also members of that same group.
• The Notes property is used to implement the access control attribute. The value of the Notes
property, available in group and user objects shown in Active Directory Users and Computers
(ADUC), is stored internally in the directory, in the value of the info attribute. ADUC is a
Microsoft Management Console snap-in for configuring Active Directory. It is started by
selecting Start - Programs - Administrative Tools - Active Directory Users and Computers. This
tool is used to create, configure and delete objects such as users, computers and groups. See
Appliance and Target Device Query Modes
• The Group Container Mask field defines the object type of the Group Container, which is
normally an organizational unit. The default value is "ou=%1".
• The Target Mask field defines a search filter for the target device. The default value is "cn=%1".
• The Access Control Attribute field specifies the name of the attribute that is used when the
query modes are set to User Attribute or Group Attribute. The default value is info.
Vertiv™ | Vertiv™ Avocent® MergePoint Unity™ Switch for Dell® Installer/User Guide |
Appliance and Target Device Query Modes
on page 52 for more information.
51