Dell EqualLogic PS6610ES EqualLogic Group Manager Administrator's Guide PS Ser - Page 73
About LDAP Authorization and Active Directory, Search Path Optimizations
About LDAP Authorization and Active Directory

LDAP is the abbreviation for Lightweight Directory Access Protocol, which provides a simplified protocol for authenticating users. An LDAP server typically contains a database of users, user names, passwords, and related information. LDAP clients are able to interrogate the server to authenticate these users and obtain the account characteristics.

Active Directory is an LDAP-compliant database that contains objects (typically users, computers, and groups) and provides authentication and authorization mechanisms in which other related services can be deployed.

If your environment uses Active Directory, you can authenticate administrator sessions using LDAP. Individual Active Directory users, or entire Active Directory groups, can be given group, pool, or volume administrator privileges.

To use LDAP authentication, you must first configure the group to communicate with one or more LDAP servers.

The Active Directory Configuration wizard enables you to configure NTP and DNS or modify the existing NTP or DNS configuration. You can also perform these tasks at a later time. See the Dell EqualLogic PS Series Storage Arrays Release Notes for more information about NTP requirements for using Active Directory in a NAS cluster.

To use Active Directory in a NAS cluster:

• The Active Directory server and the PS Series group must use a common source of time.
• You must configure the NAS cluster to use DNS. The DNS servers you specify must be the same DNS servers that your Active Directory domain controllers use.

Search Path Optimizations

PS Series v10.0 provides the option to disconnect the Base DN from search paths and adds two search paths, group-search-dn and user-search-dn. These two options enable Active Directory to perform recursive object search within a specified path. If you do not specify either of these two new options, the behavior of the ldap server-list create command will be the same as earlier releases.
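To illustrate what a recursive search within a specified path means, the following added example (not from the Dell guide and not the array's own code) models LDAP subtree scope over a constructed directory. The DNs, account names, the `lookup` helper and the fallback to the Base DN when no search path is set are assumptions made for illustration.

```python
# Added example: models LDAP subtree ("recursive") search scoping.
# All DNs and accounts below are constructed sample data.

def parse_dn(dn):
    """Split a DN into lower-cased RDNs, keeping backslash-escaped commas intact."""
    rdns, cur, escaped = [], "", False
    for ch in dn:
        if escaped:
            cur, escaped = cur + ch, False
        elif ch == "\\":
            cur, escaped = cur + ch, True
        elif ch == ",":
            rdns.append(cur.strip().lower())
            cur = ""
        else:
            cur += ch
    rdns.append(cur.strip().lower())
    return rdns

def in_subtree(entry_dn, search_dn):
    """True when entry_dn is search_dn itself or lies anywhere beneath it."""
    entry, base = parse_dn(entry_dn), parse_dn(search_dn)
    return len(entry) >= len(base) and entry[len(entry) - len(base):] == base

DIRECTORY = {  # constructed: DN -> (object class, sAMAccountName)
    "CN=Alice,OU=Storage Admins,OU=IT,DC=example,DC=com": ("user", "alice"),
    r"CN=Smith\, Jo,OU=IT,DC=example,DC=com": ("user", "jsmith"),
    "CN=Bob,OU=Contractors,DC=example,DC=com": ("user", "bob"),
    "CN=SAN Admins,OU=Groups,OU=IT,DC=example,DC=com": ("group", "san-admins"),
    "CN=Helpdesk,OU=Groups,OU=Contractors,DC=example,DC=com": ("group", "helpdesk"),
}

def lookup(name, kind, base_dn, user_search_dn=None, group_search_dn=None):
    """Return DNs of `kind` named `name` under the search path in effect.

    Assumption: with no dedicated search path set, the search starts at base_dn.
    """
    path = (user_search_dn if kind == "user" else group_search_dn) or base_dn
    return [dn for dn, (cls, sam) in DIRECTORY.items()
            if cls == kind and sam == name.lower() and in_subtree(dn, path)]

BASE = "DC=example,DC=com"
IT = "OU=IT,DC=example,DC=com"
```

In this model, `lookup("bob", "user", BASE, user_search_dn=IT)` returns an empty list while `alice`, two levels below the path, is still found. A narrow search path therefore limits which directory objects can be matched at all.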
Add an Active Directory Server

1. Click Group → Group Configuration.
2. Click the Administration tab.
3. In the Authentication panel, select Active Directory as the authentication type.
   • If no Active Directory servers have been added yet, the Active Directory settings dialog box opens.
   • If one or more Active Directory servers have already been added, click AD settings to open the Active Directory settings dialog box.
4. In the Active Directory settings dialog box, click Add. The Add List Item dialog box opens and prompts you to enter the AD server's IP address.
5. Type in the IP address for the Active Directory server and click OK. The IP address appears in the list of Active Directory servers.

Configure Active Directory Authentication

To configure LDAP authentication for the group:

1. Click Group → Group Configuration.
2. Click the Administration tab.
3. In the Authentication panel, set the authentication type to Active Directory and click AD settings to display the Active Directory Settings dialog box.
4. In the Active Directory servers section, click Add. The Add List Item dialog box opens.
5. Type the IP address of the Active Directory server and click OK.