IBM Remote Supervisor Adapter II manual UID Search Attribute, Group Search Attribute

Models: Remote Supervisor Adapter II


3. To configure the search attributes, use the following information.

UID Search Attribute

When the selected binding method is Anonymously or w/ Configured Credentials, the initial bind to the LDAP server is followed by a search request that is directed at retrieving specific information about the user, including the distinguished name, login permissions, and group membership. To retrieve this information, the search request must specify the attribute name that is used to represent user IDs on that server. Specifically, this name is used as a search filter against the login ID that is entered by the user. This attribute name is configured here. For example, on Active Directory servers, the attribute name that is used for user IDs is usually sAMAccountName. On Novell eDirectory and OpenLDAP servers, it is usually uid. If this field is left blank, a default of UID is used during user authentication.

Group Search Attribute

In an Active Directory or Novell eDirectory environment, this parameter specifies the attribute name that is used to identify the groups to which a user belongs. In Active Directory, this is usually memberOf, and with eDirectory, this is usually groupMembership.

In an OpenLDAP server environment, users are usually assigned to groups whose objectClass equals PosixGroup. In that context, this parameter specifies the attribute name that is used to identify the members of a particular PosixGroup. This is usually memberUid.

If this field is left blank, the attribute name in the filter defaults to memberOf.

Login Permission Attribute

When a user is authenticated through an LDAP server successfully, the login permissions for this user must be retrieved. To retrieve these permissions, the search filter that is sent to the server must specify the attribute name that is associated with login permissions. This field specifies this attribute name.

If this field is left blank, the user is assigned a default of read-only permissions, assuming that the user passes the user and group authentication.

The attribute value that is returned by the LDAP server is searched for the keyword string IBMRBSPermission=. This keyword must be immediately followed by a bit string that is entered as 12 consecutive 0s or 1s. Each bit represents a particular set of functions. The bits are numbered according to their positions. The leftmost bit is bit position 0, and the rightmost bit is bit position 11. A value of 1 at a particular position enables the function that is associated with that position. A value of 0 disables that function. The string IBMRBSPermission=010000000000 is a valid example.
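The following added example (not IBM code and not part of the original guide) audits login permission attribute values exported from a directory, using the format described above. It reports enabled bit positions only, because this section does not say which function each bit controls, and it assumes that a keyword followed by anything other than exactly 12 bits should be flagged as malformed; the sample values are constructed.

```python
import re

KEYWORD = "IBMRBSPermission="
BIT_COUNT = 12  # bit 0 is the leftmost character, bit 11 the rightmost

# The keyword may appear anywhere in the value; capture the 0/1 run after it.
_PATTERN = re.compile(re.escape(KEYWORD) + r"([01]*)")


def parse_permission(value):
    """Return enabled bit positions, or None if the keyword is absent.

    Raises ValueError when the keyword is not followed by exactly 12 bits
    (strictness is an assumption of this example, not documented behaviour).
    """
    match = _PATTERN.search(value)
    if match is None:
        return None
    bits = match.group(1)
    if len(bits) != BIT_COUNT:
        raise ValueError(f"expected {BIT_COUNT} bits after keyword, got {len(bits)}")
    return [pos for pos, bit in enumerate(bits) if bit == "1"]


def audit(entries):
    """Map each user to 'absent', 'malformed: ...' or a list of enabled bits."""
    report = {}
    for user, value in entries.items():
        try:
            enabled = parse_permission(value)
        except ValueError as exc:
            report[user] = f"malformed: {exc}"
            continue
        report[user] = "absent" if enabled is None else enabled
    return report


# Constructed sample attribute values, not taken from a real directory.
SAMPLE = {
    "alice": "IBMRBSPermission=010000000000",
    "bob": "site=lab1 IBMRBSPermission=000000000011 note",
    "carol": "IBMRBSPermission=0100",
    "dave": "operator",
}

if __name__ == "__main__":
    for user, result in audit(SAMPLE).items():
        print(user, result)
```

Entries reported as absent or malformed are the ones to review first, since a missing or unparsable permission string means the account is not carrying the permissions the administrator intended.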

50 Remote Supervisor Adapter II SlimLine and Remote Supervisor Adapter II: User’s Guide
