HP 5600 Deploying HP KVM consoling solutions best practices - Page 14

LDAP mode, LDAP Basic mode



LDAP mode

In LDAP mode, the directory provides complete control of switch user access: user ID, password, and rights to individual servers and switches. Two types of queries can occur in LDAP mode:

• Console switch query – An attempt by a switch user to perform an action requiring switch administrative rights. In response, the directory will check whether the user has administrator access.
• Server query – An attempt by a switch user to view the console of a specific server. In response, the directory will verify whether the user has access rights to the requested server console.

LDAP mode can process switch user queries using one of three sub modes: Basic mode, User Attribute mode, or Group Attribute mode.

LDAP Basic mode

In Basic mode (Figure 12), only the user ID and password are checked against the directory. If the user exists and the password is correct, then the user obtains access without further validation.

Note
For security reasons, HP recommends using LDAP Basic mode only for testing connectivity.

Figure 12. Query processing in LDAP Basic mode
Participants: Switch User, Switch, Domain Controller, Server
1. Request to view server console
2. User ID + password forwarded by LDAP
3. Directory checks User ID and password for validity.
4. Directory response
5. Switch response (If credentials are valid, switch grants access to anything.)
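
The following is an added example, not code from HP or from the switch firmware: a small model of the Figure 12 flow showing which requests Basic mode grants that a rights check would refuse. The directory contents, account names, and the `rights_checked` function are constructed assumptions; `rights_checked` is a hypothetical stand-in for "directory also checks rights" and does not reproduce User Attribute or Group Attribute mode.

```python
# Added illustration: a model of the switch's decision logic, not HP code.
# Directory contents, names and the rights layout are constructed assumptions.
import hmac

# Constructed directory: every account can authenticate, few hold KVM rights.
DIRECTORY = {
    "alice":   {"pw": "a-pass", "switch_admin": True,  "servers": {"db01", "web01"}},
    "bob":     {"pw": "b-pass", "switch_admin": False, "servers": {"web01"}},
    "printer": {"pw": "p-pass", "switch_admin": False, "servers": set()},
}

def directory_bind(user, password):
    """Steps 2-4 of Figure 12: the directory validates user ID + password only."""
    entry = DIRECTORY.get(user)
    return entry is not None and hmac.compare_digest(entry["pw"], password)

def basic_mode(user, password, query, target=None):
    """Step 5 in Basic mode: valid credentials grant access to anything."""
    return directory_bind(user, password)

def rights_checked(user, password, query, target=None):
    """Hypothetical contrast: the directory is also consulted for rights."""
    if not directory_bind(user, password):
        return False
    entry = DIRECTORY[user]
    if query == "console_switch":      # action needing switch admin rights
        return entry["switch_admin"]
    if query == "server":              # view one server's console
        return target in entry["servers"]
    return False

def excess_grants(credentials, requests):
    """Requests that Basic mode allows but the rights check would deny."""
    return sorted(
        (user, query, target)
        for user, pw in credentials.items()
        for query, target in requests
        if basic_mode(user, pw, query, target)
        and not rights_checked(user, pw, query, target)
    )

CREDS = {"alice": "a-pass", "bob": "b-pass", "printer": "p-pass"}
REQUESTS = [("console_switch", None), ("server", "db01"), ("server", "web01")]

if __name__ == "__main__":
    for row in excess_grants(CREDS, REQUESTS):
        print("Basic mode over-grants:", row)
```

In this model every directory account that can authenticate, including the service-style `printer` account, is granted both switch administration and every server console under Basic mode.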