Identifiers (OIDs) so that when companies add extensions to the schema, they can be guaranteed to be unique and not to conflict with each other. To extend the schema in Microsoft's Active Directory, Dell received unique OIDs, unique name extensions, and uniquely linked attribute IDs for the attributes and classes that are added into the directory service.

Dell extension: dell

Dell base OID: 1.2.840.113556.1.8000.1280

RAC LinkID range: 12070 to 12079

Overview of the iDRAC Schema Extensions

To provide the greatest flexibility in the multitude of customer environments, Dell provides a group of properties that can be configured by the user depending on the desired results. Dell has extended the schema to include an Association, Device, and Privilege property. The Association property is used to link together the users or groups with a specific set of privileges to one or more iDRAC devices. This model provides an Administrator maximum flexibility over the different combinations of users, iDRAC privileges, and iDRAC devices on the network without adding too much complexity.

Active Directory Object Overview

For each physical iDRAC on the network that you want to integrate with Active Directory for Authentication and Authorization, create at least one Association Object and one iDRAC Device Object. You can create multiple Association Objects, and each Association Object can be linked to as many users, groups of users, or iDRAC Device Objects as required. The users and iDRAC user groups can be members of any domain in the enterprise.

However, each Association Object can be linked to only one Privilege Object; that is, it may link users, groups of users, or iDRAC Device Objects to only one Privilege Object. This example allows an Administrator to control each user’s privileges on specific iDRACs.

The iDRAC Device object is the link to the iDRAC firmware for querying Active Directory for authentication and authorization. When an iDRAC is added to the network, the Administrator must configure the iDRAC and its device object with its Active Directory name so users can perform authentication and authorization with Active Directory. Additionally, the Administrator must add the iDRAC to at least one Association Object in order for users to authenticate.
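
The object rules above can be checked during an access review. The following is an added example, not code from Dell or from this manual: it audits a constructed in-memory model of the three object types and lists who is linked to which Privilege Object on which iDRAC. The class, field, and object names are hypothetical and are not the schema's attribute names.

```python
from dataclasses import dataclass

# Hypothetical model of an Association Object (not Dell's attribute names).
@dataclass
class Association:
    name: str
    members: set            # users or groups of users linked by this object
    devices: set            # names of linked iDRAC Device Objects
    privilege_objects: list  # must hold exactly one Privilege Object

def audit(devices, associations):
    """Return (findings, grants).

    findings: violations of the rules stated in the text.
    grants:   sorted (member, device, privilege object) triples.
    """
    findings, grants, covered = [], set(), set()
    for a in associations:
        # Rule: an Association Object links to only one Privilege Object.
        if len(a.privilege_objects) != 1:
            findings.append(f"{a.name}: {len(a.privilege_objects)} Privilege "
                            "Objects linked, expected exactly 1")
            continue  # an invalid association grants nothing in this model
        for unknown in sorted(a.devices - devices):
            findings.append(f"{a.name}: unknown iDRAC Device Object {unknown}")
        linked = a.devices & devices
        covered |= linked
        for member in a.members:
            for device in linked:
                grants.add((member, device, a.privilege_objects[0]))
    # Rule: each iDRAC must be in at least one Association Object.
    for device in sorted(devices - covered):
        findings.append(f"{device}: in no Association Object, "
                        "users cannot authenticate")
    return findings, sorted(grants)

# Constructed sample data for illustration only.
DEVICES = {"idrac-rack1", "idrac-rack2", "idrac-rack3"}
ASSOCIATIONS = [
    Association("assoc-admins", {"alice", "grp-dc-ops"},
                {"idrac-rack1", "idrac-rack2"}, ["priv-admin"]),
    Association("assoc-readonly", {"bob"}, {"idrac-rack1"}, ["priv-readonly"]),
    Association("assoc-broken", {"carol"}, {"idrac-rack2"},
                ["priv-admin", "priv-readonly"]),
]

if __name__ == "__main__":
    findings, grants = audit(DEVICES, ASSOCIATIONS)
    print("\n".join(findings))
    for grant in grants:
        print(grant)
```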

Using the iDRAC6 Directory Service
