Dell PowerEdge MX7000 EMC OpenManage Enterprise-Modular Edition Version 1.20.1 - Page 19
Integrating directory services in OME-Modular, Adding Active Directory service
View all Dell PowerEdge MX7000 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 19 highlights
After logging in successfully, you can do the following: ● Configure your account. ● Change the password. ● Recover the root password. Integrating directory services in OME-Modular You can use Directory Services to import directory groups from AD or LDAP for use on the web interface. OME-Modular supports integration of the following directory services: 1. Windows Active Directory 2. Windows AD-LDS 3. OpenLDAP 4. PHP LDAP Supported attributes and pre-requisites for LDAP Integration Table 5. OME-Modular Pre-requisites/supported attributes for LDAP Integration Attribute of User Login Attribute of Group Membership Certificate Requirement Windows AD-LDS Cn, sAMAccountName Member ● Subject to availability of FQDN in Domain Controller Certificate. SAN field can have both IPv4 and IPv6 or IPv4 or IPv6, or FQDN. ● Only Base64 certificate format is supported OpenLDAP PHP LDAP uid, sn uid Uniquemember MemberUid Only PEM certificate format is supported. User pre-requisites for directory service integration Ensure that the following user pre-requisites are met before you begin with the directory service integration: 1. BindDN user and user who is used for 'Test connection' must be the same. 2. If Attribute of User Login is provided, only the corresponding username value that is assigned to the attribute is allowed for appliance login. 3. User who is used for Test connection must be part of any non-default group in LDAP . 4. Attribute of Group Membership must have the 'userDN' or the short name (used for logging in) of the user. 5. When MemberUid is used as 'Attribute of Group Membership,' the username that is used in appliance login is considered case sensitive in some LDAP configurations. 6. When search filter is used in LDAP configuration, user login is not allowed for those users who are not part of the search criteria mentioned. 7. Group search works only if the groups have users assigned under the provided Attribute of Group Membership. NOTE: If OME-Modular is hosted on an IPv6 network, the SSL authentication against domain controller using FQDN would fail if IPv4 is set as preferred address in DNS. To avoid this failure, do one of the following: ● DNS should be set to return IPv6 as preferred address when queried with FQDN. ● DC certificate must have IPv6 in SAN field. Adding Active Directory service To add the active directory service: Logging in to OME-Modular 19