Avocent 590-686-501D manual Ldap Query parameters

LDAP Query parameters

On the LDAP Query page, you can configure the parameters used when performing user authentication queries.

The appliance performs two different types of queries. Query Mode (Appliance) is used to authenticate administrators and users attempting to access the appliance itself. Query Mode (Target Device) is used to authenticate users that are attempting to access attached target devices. Additionally, each type of query has three modes that utilize certain types of information to determine whether or not an LDAP user has access to an appliance or connected target devices. See Appliance and Target Device Query Modes on page 58 for detailed information on each mode.

You can configure the following settings on the LDAP Query Page:

•The Query Mode (Appliance) parameters determine whether or not a user has access to the appliance.

•The Query Mode (Target Device) parameters determine whether or not a user has user access to target devices connected to an appliance. The user does not have access to the appliance, unless granted by Query Mode (Appliance).

•The Group Container, Group Container Mask and Target Mask fields are only used for group query modes and are required when performing an appliance or device query.

•The Group Container field specifies the organizational unit (ou) created in Active Directory by the administrator as the location for group objects. Group objects are Active Directory objects that can contain users, computers, contacts and other groups. Group Container is used when Query Mode is set to Group Attribute. Each group object, in turn, is assigned members to associate with a particular access level for member objects (people, appliances and target devices). The access level associated with a group is configured by setting the value of an attribute in the group object. For example, if the Notes property in the group objects is used to implement the access control attribute, the Access Control Attribute field on the LDAP Query Page should be set to info. Setting the Notes property to KVM User Admin causes the members of that group to have user administration access to the appliances and target devices that are also members of that same group.

•The Notes property is used to implement the access control attribute. The value of the Notes property, available in group and user objects shown in Active Directory Users and Computers (ADUC), is stored internally in the directory, in the value of the info attribute. ADUC is a Microsoft Management Console snap-in for configuring Active Directory. It is started by selecting Start - Programs - Administrative Tools - Active Directory Users and Computers. This tool is used to create, configure and delete objects such as users, computers and groups. See Figure 4.6 on page 59 and Figure 4.7 on page 60 for more information.

•The Group Container Mask field defines the object type of the Group Container, which is normally an organizational unit. The default value is “ou=%1”.

•The Target Mask field defines a search filter for the target device. The default value is “cn=%1”.