Changing the LDAP Group Rule for an LDAP Provider
Procedure
Step 1 In the Navigation pane, click the Admin tab.
Step 2 On the Admin tab, expand All > User Management > LDAP.
Step 3 Expand LDAP Providers and choose the LDAP provider for which you want to change the group rule.
Step 4 In the Work pane, click the General tab.
Step 5 In the LDAP Group Rules area, complete the following fields:
Name: Group Authorization field
Description: Whether Cisco UCS also searches LDAP groups when authenticating and assigning user roles and locales to remote users. This can be one of the following:
• Disable—Cisco UCS does not access any LDAP groups.
• Enable—Cisco UCS searches all LDAP groups mapped in this Cisco UCS domain. If the remote user is found, Cisco UCS assigns the user roles and locales defined for that LDAP group in the associated LDAP group map.
Note: Role and locale assignment is cumulative. If a user is included in multiple groups, or has a role or locale specified in the LDAP attribute, Cisco UCS assigns that user all the roles and locales mapped to any of those groups or attributes.

Name: Group Recursion field
Description: Whether Cisco UCS searches both the mapped groups and their parent groups. This can be one of the following:
• Non Recursive—Cisco UCS searches only the groups mapped in this Cisco UCS domain. If none of the groups containing the user explicitly set the user's authorization properties, Cisco UCS uses the default settings.
• Recursive—Cisco UCS searches each mapped group and all its parent groups for the user's authorization properties. These properties are cumulative, so for each group Cisco UCS finds with explicit authorization property settings, it applies those settings to the current user. Otherwise it uses the default settings.

Name: Target Attribute field
Description: The attribute Cisco UCS uses to determine group membership in the LDAP database. The supported string length is 63 characters. The default string is memberOf.
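
The following sketch is an added example, not Cisco UCS code or part of the original guide. It models how the Group Authorization and Group Recursion settings described above change the roles a remote user ends up with, which is useful when auditing nested groups before enabling recursion. The directory entries, role names and the DEFAULT_ROLES placeholder are constructed, and the fallback to defaults when nothing matches with Group Authorization disabled is an assumption.

```python
# Model of the Group Authorization / Group Recursion semantics described above.
# Not Cisco UCS code: DNs, role names and DEFAULT_ROLES are constructed.
DEFAULT_ROLES = frozenset({"default-settings"})  # placeholder for the defaults


def groups_in_scope(direct_groups, parents, recursive):
    """Groups searched for a user: direct groups, plus ancestors if recursive."""
    seen, stack = set(), list(direct_groups)
    while stack:
        group = stack.pop()
        if group in seen:  # circular nesting must not loop forever
            continue
        seen.add(group)
        if recursive:
            stack.extend(parents.get(group, ()))
    return seen


def effective_roles(direct_groups, parents, group_map, *, authorization=True,
                    recursive=False, attribute_roles=()):
    """Cumulative roles for a remote user under the chosen group rule."""
    roles = set(attribute_roles)  # roles carried in the user's LDAP attribute
    if authorization:  # Group Authorization = Enable
        for group in groups_in_scope(direct_groups, parents, recursive):
            roles |= set(group_map.get(group, ()))  # only mapped groups count
    # Assumption: an empty result falls back to the default settings.
    return frozenset(roles) or DEFAULT_ROLES


# Constructed directory: helpdesk is nested in ucs-admins (and, by mistake,
# ucs-admins is nested back in helpdesk).
USER_GROUPS = ["CN=helpdesk,DC=example,DC=com", "CN=storage-ops,DC=example,DC=com"]
PARENTS = {
    "CN=helpdesk,DC=example,DC=com": ["CN=ucs-admins,DC=example,DC=com"],
    "CN=ucs-admins,DC=example,DC=com": ["CN=helpdesk,DC=example,DC=com"],
}
GROUP_MAP = {  # LDAP group map: group DN -> roles
    "CN=storage-ops,DC=example,DC=com": {"storage"},
    "CN=ucs-admins,DC=example,DC=com": {"admin"},
}

if __name__ == "__main__":
    for recursive in (False, True):
        roles = effective_roles(USER_GROUPS, PARENTS, GROUP_MAP, recursive=recursive)
        print("Recursive" if recursive else "Non Recursive", sorted(roles))
```

In this constructed directory, switching from Non Recursive to Recursive adds the role mapped to the parent group, so nested memberships should be reviewed before the setting is changed.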
Cisco UCS Manager GUI Configuration Guide, Release 2.0
OL-25712-04 139
Configuring LDAP Providers