Chapter 8: Configuring LDAP | 102 |
|
|
The UID Mask field specifies the search criteria for User ID searches of LDAP target devices. The format should be in the form <name>=<%1>. The default value is KVM server moduleAccountName=%1, which is correct for use with Active Directory. This field is required for LDAP searches.
To configure LDAP search parameters:
1.Select Appliance — Authentication — Search.
2.Enter the appropriate information in the Search DN, Search Password, Search Base and UID Mask fields.
3.Click Save.
LDAP query parameters
Clicking the Query Parameters tab displays the parameters used when performing user authentication queries.
The KVM switch performs two different types of queries. Appliance query mode is used to authenticate administrators attempting to access the KVM switch itself. Server query mode is used to authenticate users attempting to access attached target devices.
Additionally, each type of query has three modes that utilize information you configure in the Query tab to determine whether a Network Access Software user has access to a KVM switch or to connected target devices.
Configure the following settings in the Query tab:
•The Appliance Query Mode determines whether a Network Access Software user has access to the KVM switch.
•The Server Query Mode determines whether a Network Access Software user has user access to target devices connected to a KVM switch. The user does not have access to the KVM switch.
•The Group Container, Group Container Mask and Target Mask fields are only used for group query modes and are required when performing a KVM switch or device query.
•The Group Container field specifies the organizational unit (ou) created in Active Directory by the administrator as the location for group objects. Group objects are Active Directory objects that can contain users, computers, contacts and other groups. Group Container is used when Query Mode is set to Group. Each group object is assigned members to associate with a particular access level for member objects (people, KVM switches and target devices). The access level associated with a group is configured by setting the value of an attribute in the group object. For example, if the Notes property in the group object is used to implement the access control attribute, the Access Control Attribute field in the Query tab should be set to info. Setting the Notes property to KVM User Admin causes the members of that group to have user administration access to the KVM switches and target devices that are also members of that KVM server module group.