Generic LDAP Directory Service

iDRAC6 provides a generic solution to support Lightweight Directory Access Protocol (LDAP)-based authentication. This feature does not require any schema extension on your directory services.

To make the iDRAC6 LDAP implementation generic, iDRAC6 relies on what different directory services have in common: users are grouped, and the user-group relationship is mapped. What is specific to each directory service is the schema. For example, directory services may use different attribute names for the group, the user, and the link between the user and the group. These can be configured in iDRAC6.

Login Syntax (Directory User versus Local User)

Unlike Active Directory, special characters ("@", "\", and "/") are not used to differentiate an LDAP user from a local user. The user logging in should enter only the user name, excluding the domain name. iDRAC6 takes the user name as is and does not break it down into the user name and user domain. When generic LDAP is enabled, iDRAC6 first tries to log in the user as a directory user. If it fails, local user lookup is enabled.

NOTE: There is no behavior change on the Active Directory login syntax. When generic LDAP is enabled, the GUI login page displays only "This iDRAC" in the drop-down menu.

NOTE: "<" and ">" characters are not allowed in the user name for OpenLDAP and OpenDS based directory services.
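
The schema mapping and the login order described above can be sketched as follows. This is an added example, not code from iDRAC6 or Dell; `SchemaProfile`, `PROFILES`, `directory_bind`, and `local_users` are hypothetical names, and the attribute names are common directory defaults assumed for illustration.

```python
# Added illustration, not iDRAC6 firmware code. Attribute names are common
# defaults for these directory types (assumptions, not values from the manual).
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class SchemaProfile:
    user_attr: str      # attribute holding the login name
    group_class: str    # objectClass of group entries
    member_attr: str    # attribute linking a group to its members
    member_is_dn: bool  # True: link stores the user's DN; False: the bare name

PROFILES = {
    "openldap_posix": SchemaProfile("uid", "posixGroup", "memberUid", False),
    "openldap_names": SchemaProfile("uid", "groupOfNames", "member", True),
    "opends": SchemaProfile("uid", "groupOfUniqueNames", "uniqueMember", True),
}

# RFC 4515 escapes: the login name is used as is, so it must stay a literal.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def user_filter(profile, login):
    """Search filter that finds the user entry for a login name."""
    return f"({profile.user_attr}={escape_filter_value(login)})"

def group_filter(profile, login, user_dn):
    """Search filter that finds the groups the user belongs to."""
    link = user_dn if profile.member_is_dn else login
    return (f"(&(objectClass={profile.group_class})"
            f"({profile.member_attr}={escape_filter_value(link)}))")

def authenticate(login, password, directory_bind, local_users):
    """Directory user first, local user second; returns the matching source."""
    # Assumption: names containing "<" or ">" are never sent to the directory.
    allowed = "<" not in login and ">" not in login
    if allowed and directory_bind(login, password):
        return "directory"
    stored = local_users.get(login)  # constructed local store: name -> password
    if stored is not None and hmac.compare_digest(stored.encode(), password.encode()):
        return "local"
    return None
```

Because the same login name is tried against the directory and then against the local user store, a name that exists in both resolves to the directory account whenever the directory bind succeeds.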

Configuring Generic LDAP Directory Service Using the iDRAC6 Web-Based Interface

1. Open a supported Web browser window.

2. Log in to the iDRAC6 Web-based interface.

3. Go to Remote Access→ Network/Security tab→ Directory Service tab→ Generic LDAP Directory Service.

The Generic LDAP Configuration and Management page displays the current iDRAC6 generic LDAP settings. Scroll to the bottom of the Generic LDAP Configuration and Management page, and click Configure Generic LDAP.


Using the iDRAC6 Directory Service
