Supported Active Directory Authentication Mechanisms

You can use Active Directory to define user access on the iDRAC6 through two methods: you can use the extended schema solution, which Dell has customized to add Dell-defined Active Directory objects. Or, you can use the standard schema solution, which uses Active Directory group objects only. See the sections that follow for more information about these solutions.

When using Active Directory to configure access to iDRAC6, you must choose either the extended schema or the standard schema solution.

The advantages of using the extended schema solution are:

All the access control objects are maintained in Active Directory.

Configuring user access on different iDRAC6 with varying privilege levels is provided.

The advantage of using the standard schema solution is that no schema extension is required because all the necessary object classes are provided by Microsoft’s default configuration of the Active Directory schema.

Extended Schema Active Directory Overview

Using the extended schema solution requires the Active Directory schema extension, as described in the following section.

Active Directory Schema Extensions

The Active Directory data is a distributed database of Attributes and Classes. The Active Directory schema includes the rules that determine the type of data that can be added or included in the database. The user class is one example of a Class that is stored in the database. Some example user class attributes can include the user’s first name, last name, phone number, and so on. Companies can extend the Active Directory database by adding their own unique Attributes and Classes to solve environment-specific needs. Dell has extended the schema to include the necessary changes to support remote management Authentication and Authorization.

Each Attribute or Class that is added to an existing Active Directory Schema must be defined with a unique ID. To maintain unique IDs across the industry, Microsoft maintains a database of Active Directory Object

148

Using the iDRAC6 Directory Service

Page 148
Image 148
Dell IDRAC6 manual Supported Active Directory Authentication Mechanisms, Extended Schema Active Directory Overview, 148