Defining Groups On An Ldap Server Running Openldap - Avocent MERGEPOINT 53XX SP MANAGER Installer/User Manual

2. Double-click Attributes and confirm that the info attribute is present.
3. Double-click Classes, locate the class Users and right-click to select Properties.
4. Select the Attributes tab and click Add.
5. Locate info in the attributes list. Click Apply, then click OK
To configure a group in ADSI Edit:
1. In the server's console window, double-click ADSI Edit.
2. From the menu, select Action Connect to. The Connection window appears.
3. Accept the defaults and select OK.
4. The path Domain NC<domain>.com appears.
5. Double-click Domain NC<domain>.com. The expanded path
DC= xxx
6. Double-click DC=xxx,DC=xxx,DC=com.
7. The expanded class CN=Builtin appears.
8. Double-click CN=Users. The expanded users list appears.
9. Right-click on the name of a user and select Properties. The CN=<username> Properties
window appears.
10. In the Optional area, select which property to view: locate or select [info].
11. In the Edit Attribute field, enter the group name in the format group_name=<Group1>. If the
username selected is an administrative user, enter admin as the group_name.
12. Click OK and close or save the windows.

Defining groups on an LDAP server running OpenLDAP

Perform the following procedures for configuring support for group authorizations when a server
running OpenLDAP is used for LDAP authentication.
Any groups configured in the memberof attribute are used; if no groups are defined in the member
of attribute, then any groups configured in the info attribute are used. The groups defined on the
LDAP server must be configured on the MergePoint SP manager with the desired device
access authorizations.
To configure groups using the info attribute on an LDAP authentication server:
1. On the server, add the info attribute into the objectclass posixAccount in the /etc/ldap/schema/
nis.schema file:
objectclass (1.3.6.1.1.2.0 NAME 'posixAccount' SUP top AUXILIARY DESC
'Abstraction of an account with POSIX attributes' MUST ( cn $ uid $
uidNumber $ gidNumber $ homeDirectory ) MAY ( userPassword $ loginShell
$ gecos $ description $ info) )
2. Make sure the info attribute exists in the /etc/ldap/schema/cosine.schema file.
Chapter 6: Administration Tasks Not Performed in the Web Interface
,DC= xxx ,DC=com appears.
93