Ldap Configuration And Microsoft Active Directory; Example Of The Dictiona.dcm File - HP A7533A - Brocade 4Gb SAN Switch Base Administrator's Manual

HP StorageWorks Fabric OS 6.2 administrator guide (5697-0016, May 2009)

#######################################################################
# dictiona.dcm
#######################################################################
# Generic Radius
@radius.dct
#
# Specific Implementations (vendor specific)
#
@3comsw.dct
@aat.dct
@acc.dct
@accessbd.dct
@agere.dct
@agns.dct
@airespace.dct
@alcatel.dct
@altiga.dct
@annex.dct
@aptis.dct
@ascend.dct
@ascndvsa.dct
@axc.dct
@brocade.dct
@bandwagn.dct
@brocade.dct <-------
Figure 3 Example of the dictiona.dcm file

c. When selecting items from the Add Return List Attribute, select Brocade-Auth-Role and enter the
string Admin. The string will equal the role on the switch.
d. Add the Brocade profile.
e. In RSA Authentication Manager, edit the user records that will be authenticating using RSA SecurID.

LDAP configuration and Microsoft Active Directory

LDAP provides user authentication and authorization using the Microsoft Active Directory service in
conjunction with LDAP on the switch. There are two modes of operation in LDAP authentication, FIPS mode
and non-FIPS mode. This section discusses LDAP authentication in non-FIPS mode. For more information on
LDAP in FIPS mode, see Chapter 4, "Configuring advanced security features" on page 117. The following
restrictions apply when using LDAP in non-FIPS mode:
• In Fabric OS 6.1.0 and later there is no password change through Active Directory.
• There is no automatic migration of newly created users from local switch database to Active Directory.
  This is a manual process explained later.
• LDAP authentication is used on the local switch only and not for the entire fabric.

Roles for B-Series-specific users can be added through the Microsoft Management Console. Groups
created in Active Directory must correspond directly to the RBAC user roles on the switch. Role assignments
can be specified by including the user in the respective group. A user can be assigned to multiple groups
like Switch Admin and Security Admin. For LDAP servers, you can use the ldapCfg --maprole
ldap_role name switch_role command to map a LDAP server role to one of the default roles available on a
switch. For more information on RBAC roles, see "Role-Based Access Control (RBAC)" on page 67.

NOTE: All instructions involving Microsoft Active Directory can be obtained from www.microsoft.com or
your Microsoft documentation. Confer with your system or network administrator prior to configuration for
any special needs your network environment may have.

Following is the overview of the process used to set up LDAP:
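
The rule stated in this section, that Active Directory groups must correspond to switch RBAC roles either by name or through an ldapCfg --maprole mapping, can be audited offline before users start logging in. The script below is an added example, not code from the HP guide: the role names, group names, mapping table and example.com DNs are constructed, and the case-insensitive name comparison is an assumption of the audit, not documented switch behaviour.

```python
import re

# Assumption: sample role names; replace with the roles defined on your switch.
SWITCH_ROLES = {"admin", "switchadmin", "securityadmin", "user"}
# Assumption: constructed table mirroring the mappings made with ldapCfg --maprole.
MAPROLE = {"san-operators": "switchadmin", "san-legacy": "poweruser"}

# Constructed sample: account name -> memberOf values as exported from AD.
USERS = {
    "alice": ["CN=admin,OU=SAN,DC=example,DC=com",
              "CN=Domain Users,CN=Users,DC=example,DC=com"],
    "bob":   ["CN=switchadmin,OU=SAN,DC=example,DC=com",
              "CN=securityadmin,OU=SAN,DC=example,DC=com"],
    "carol": ["CN=SAN-Operators,OU=SAN,DC=example,DC=com"],
    "dave":  ["CN=Domain Users,CN=Users,DC=example,DC=com"],
    "erin":  ["CN=SAN-Legacy,OU=SAN,DC=example,DC=com"],
}

def group_cn(dn):
    """Return the leading CN of a distinguished name, honouring escaped commas."""
    m = re.match(r"(?i)cn=((?:\\.|[^,\\])+)", dn.strip())
    return re.sub(r"\\(.)", r"\1", m.group(1)).strip() if m else None

def resolve(cn, switch_roles, maprole):
    """Map one group name to a switch role, or None if it does not correspond."""
    name = cn.lower()
    role = maprole.get(name, name)  # explicit mapping wins, else match by name
    return role if role in switch_roles else None

def audit(users, switch_roles=SWITCH_ROLES, maprole=MAPROLE):
    report = {}
    for user, member_of in users.items():
        cns = [c for c in map(group_cn, member_of) if c]
        roles = sorted({r for r in (resolve(c, switch_roles, maprole) for c in cns) if r})
        findings = []
        if not roles:
            findings.append("no group corresponds to a switch role")
        if len(roles) > 1:
            findings.append("multiple roles: review for least privilege")
        for c in cns:
            target = maprole.get(c.lower())
            if target and target not in switch_roles:
                findings.append(f"mapping {c} -> {target} names an unknown role")
        report[user] = {"roles": roles, "findings": findings}
    return report

if __name__ == "__main__":
    for user, result in audit(USERS).items():
        print(user, result["roles"], "; ".join(result["findings"]) or "ok")
```

Feed it a real memberOf export and the role list from the switch; accounts reported with no role or with several roles are the ones to review before enabling LDAP authentication.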
