APC AP5615, AP5616 manual To configure Ldap query parameters, Select Appliance Authentication Query

To configure LDAP query parameters:

1.Select Appliance — Authentication — Query.

2.Select Basic, User Attribute or Group Attribute for the Appliance Query Mode and the Server Query Mode.

3.Enter the appropriate information in the Group Container, Group Container Mask, Target Mask and Access Control attribute fields.

4.Click Save.

NOTE: These options cannot be changed if the LDAP Priority is set to LDAP Disabled on the Overview screen.

Setting up Active Directory for performing queries

Before you can use any of the querying modes for units, you must first make changes to Active Directory so that the selected querying mode can assign the applicable authorization level for the Network Access Software user.

To set up group queries:

1.Log into Windows with administrator privileges.

2.Open Active Directory software.

3.Create an organizational unit to be used as a group container.

4.Create an object in Active Directory with a name identical to the switching system name for querying KVM switches (specified in the Name field in the SNMP category of the Configure tab), or identical to the attached target devices for querying servers (specified in the Servers category). The name must match exactly and is case-sensitive.

5.The KVM switch names and server names used for group queries are stored in the KVM switch. The KVM switch name and server names specified in the SNMP and Servers categories must identically match the object names in Active Directory. Each KVM switch name and target device name may be comprised of any combination of upper-case and lower- case letters (a-z, A-Z), digits (0-9) and hyphens (-). You cannot use spaces and periods (.) or create a name that consists entirely of digits.

6.Create one or more groups under the organizational unit you created in step 3.

7.Add the user names and server and KVM switch objects to the groups you created in Step 5.

8.Specify the value of any attribute being used to implement the access control attribute. For example, if you are using info as the attribute in the Access Control Attribute field and using the Notes property in the group object to implement the access control attribute, the value of the Notes attribute in Active Directory may be set to one of the three available access levels (Device User, Administrator, or Read-Only User) for the group object. The members of the group may then access the KVM switches and servers at the specified access level.