Dell PowerEdge MX7000 EMC OpenManage Enterprise-Modular Edition Version 1.20.1 - Page 19

Integrating directory services in OME-Modular, Adding Active Directory service



After logging in successfully, you can do the following:
● Configure your account.
● Change the password.
● Recover the root password.

Integrating directory services in OME-Modular

You can use Directory Services to import directory groups from AD or LDAP for use on the web interface. OME-Modular supports integration of the following directory services:
1. Windows Active Directory
2. Windows AD-LDS
3. OpenLDAP
4. PHP LDAP

Supported attributes and pre-requisites for LDAP Integration

Table 5. OME-Modular Pre-requisites/supported attributes for LDAP Integration

| Directory service | Attribute of User Login | Attribute of Group Membership | Certificate Requirement |
|---|---|---|---|
| Windows AD-LDS | Cn, sAMAccountName | Member | Subject to availability of FQDN in Domain Controller Certificate. SAN field can have both IPv4 and IPv6 or IPv4 or IPv6, or FQDN. Only Base64 certificate format is supported. |
| OpenLDAP | uid, sn | Uniquemember | Only PEM certificate format is supported. |
| PHP LDAP | uid | MemberUid | Only PEM certificate format is supported. |

User pre-requisites for directory service integration

Ensure that the following user pre-requisites are met before you begin with the directory service integration:
1. BindDN user and user who is used for 'Test connection' must be the same.
2. If Attribute of User Login is provided, only the corresponding username value that is assigned to the attribute is allowed for appliance login.
3. User who is used for Test connection must be part of any non-default group in LDAP.
4. Attribute of Group Membership must have the 'userDN' or the short name (used for logging in) of the user.
5. When MemberUid is used as 'Attribute of Group Membership,' the username that is used in appliance login is considered case sensitive in some LDAP configurations.
6. When search filter is used in LDAP configuration, user login is not allowed for those users who are not part of the search criteria mentioned.
7. Group search works only if the groups have users assigned under the provided Attribute of Group Membership.

NOTE: If OME-Modular is hosted on an IPv6 network, the SSL authentication against domain controller using FQDN would fail if IPv4 is set as preferred address in DNS. To avoid this failure, do one of the following:
● DNS should be set to return IPv6 as preferred address when queried with FQDN.
● DC certificate must have IPv6 in SAN field.
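
Added example (not from the Dell guide): a pre-flight check an administrator could run on a domain controller certificate before configuring the directory service, covering the PEM format and FQDN requirements from Table 5 and the IPv6 condition in the NOTE above. The host name, addresses and function names are constructed, and the check assumes SAN text as printed by `openssl x509 -noout -ext subjectAltName` with exact (non-wildcard) DNS entries.

```python
import ipaddress
import re

# Constructed sample: SAN text for a hypothetical DC, dc01.corp.example,
# in the layout printed by: openssl x509 -in dc.pem -noout -ext subjectAltName
SAMPLE_SAN_TEXT = """X509v3 Subject Alternative Name:
    DNS:dc01.corp.example, IP Address:192.0.2.10
"""

def looks_like_pem(data):
    """True if the file content is a PEM (Base64, armoured) certificate."""
    text = data.decode("ascii", errors="ignore")
    return ("-----BEGIN CERTIFICATE-----" in text
            and "-----END CERTIFICATE-----" in text)

def parse_san(san_text):
    """Return (dns_names, ip_addresses) found in OpenSSL SAN text output."""
    dns_names, addresses = set(), set()
    for kind, value in re.findall(r"(DNS|IP Address):([^,\s]+)", san_text):
        if kind == "DNS":
            dns_names.add(value.lower())
        else:
            # ip_address() normalises OpenSSL's uncompressed IPv6 spelling.
            addresses.add(ipaddress.ip_address(value))
    return dns_names, addresses

def check_dc_certificate(san_text, fqdn, appliance_on_ipv6, dns_prefers_ipv6):
    """Return a list of findings; an empty list means no issue was found.

    Assumption: only the SAN extension is inspected, not the subject CN.
    """
    dns_names, addresses = parse_san(san_text)
    findings = []
    if fqdn.lower() not in dns_names:
        findings.append("FQDN %s is not in the certificate SAN" % fqdn)
    has_ipv6 = any(addr.version == 6 for addr in addresses)
    # NOTE condition: IPv6 network + IPv4 preferred in DNS needs IPv6 in SAN.
    if appliance_on_ipv6 and not dns_prefers_ipv6 and not has_ipv6:
        findings.append("IPv4 is preferred in DNS and SAN has no IPv6 address")
    return findings

if __name__ == "__main__":
    for finding in check_dc_certificate(
            SAMPLE_SAN_TEXT, "dc01.corp.example",
            appliance_on_ipv6=True, dns_prefers_ipv6=False):
        print("FINDING:", finding)
```
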

Adding Active Directory service

To add the active directory service: