HP 5600 Deploying HP KVM consoling solutions best practices - Page 15

LDAP User Attribute mode In User Attribute mode (Figure 13) the directory checks the user ID and password. If they are valid, the directory uses an attribute in the notes field of the user object to determine access rights. Figure 13. Query processing in LDAP User Attribute mode Switch User 1. Request to view server console 2. User ID + password forwarded by LDAP Switch Domain Controller Server 5. Switch response 4. Directory response 3. Directory checks User ID and password and uses notes attribute to determine access for validated user. User Attributes: KVM Appliance Admin: can access any server connected to the switch and can administer the switch. KVM User: can view any server permissions are granted for. LDAP Group Attribute mode In Group Attribute mode (Figure 14), the directory validates users by validating the user ID and password. It then checks user groups to determine switch user access. Figure 14. Query processing in LDAP Group Attribute mode Switch User 1. Request to view server console Switch 2. User ID + password + server forwarded by LDAP Domain Controller Server 5. Switch response 4. Directory response 3. Directory checks User ID and password, then checks user groups to determine access for validated user. KVM Switch Admin Group Windows Server Admin Group Linux® Server Admin Group 15