lDAPDisplayName: CiscoAVPair
name: CiscoAVPair
objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,CN=X
LDAP Group RuleTheLDAP group rule is used to determine whether Cisco UCS should use LDAP groups when assigning user
rolesand locales to a remote user.
Configuring LDAP ProvidersConfiguring Properties for LDAP Providers
Theproperties that you configure in this task are the default settings for allprovider connections of this type
definedin Cisco UCS Manager. If an individual provider includes a setting for any of these properties, Cisco
UCSuses that setting and ignores the default setting.
Before You Begin
Ifyou are using Active Directory as your LDAP server,create a user account in the Active Directory server
tobind with Cisco UCS. This account should be given a non-expiring password.
Procedure
Step 1 Inthe Navigation pane, click the Admin tab.
Step 2 Onthe Admin tab, expand All >User Management >LDAP.
Step 3 Completethe following fields in the Properties area:
DescriptionName
Thelength of time in seconds the system should spend trying to
contactthe LDAP databasebefore it times out.
Enteran integer from 1 to 60 seconds. The default value is 30
seconds.
Thisproperty is required.
Timeoutfield
AnLDAP attribute thatstores the values for the user roles and
locales.This property is always a name-value pair.The system
queriesthe user record for the value that matches this attribute
name.
Ifyou do not want to extend your LDAP schema, you can configure
anexisting, unused LDAP attribute with the Cisco UCS roles and
locales.Alternatively, you can create an attribute named
CiscoAVPairinthe remote authentication service with the following
attributeID: 1.3.6.1.4.1.9.287247.1
Attributefield
Cisco UCS Manager GUI Configuration Guide, Release 2.0
134 OL-25712-04
LDAP Group Rule