APC AP5616 Switch User Manual


 
Chapter 8: Configuring LDAP
The Notes property is used to implement the access control attribute. The value of the Notes
property, available in group and user objects shown in Active Directory Users and Computers
(ADUC), is stored internally in the directory, in the value of the info attribute. ADUC is a
Microsoft Management Console snap-in for configuring Active Directory. It is started by
selecting Start > Programs > Administrative Tools > Active Directory Users and Computers.
This tool is used to create, configure and delete objects such as users, computers and groups.
The Group Container Mask field defines the object type of the Group Container, which is
normally an organizational unit. The default value is “ou=%1”.
The Target Mask field defines a search filter for the target device. The default value is
“cn=%1”.
The Access Control Attribute field specifies the name of the attribute that is used when the
query modes are set to Attribute. The default value is info.
KVM switch and target device query modes
One of three modes can be used for each of Query Mode (Appliance) and Query Mode (Server):
Basic – A user name and password query for the Network Access Software user is made to the
directory service. If they are verified, the Network Access Software user is given administrator
access to the KVM switch and any attached target devices for Query Mode (Appliance), or to
any selected target device for Query Mode (Server).
Attribute – A user name, password and Access Control Attribute query for the KVM switch
user is made to the directory service. The Access Control Attribute is read from the user object
(the user account) in Active Directory.
If the value “Administrator” is found, the Network Access Software user is given KVM switch
administrator access to the KVM switch and any attached target devices for Query Mode
(Appliance), or to any selected target device for Query Mode (Server). If the value “Device
User” is found, the Network Access Software user is given User administrator access to the
KVM switch and attached target devices for Query Mode (Appliance), or to any selected target
device for Query Mode (Server).
Group – A user name, password, and group query is made to the directory service for an
appliance and attached target devices when using Query Mode (Appliance), or for a selected
target device when using Query Mode (Server). If a group is found containing the user and the
appliance name, the Network Access Software user is given access to the appliance or attached
target devices, depending on the group contents, when using Query Mode (Appliance). If a
group is found containing the user and target device IDs, the Network Access Software user is
given access to the selected target device connected to the appliance when using Query Mode
(Server).
Groups can be nested to a maximum of 16 levels in depth. Use nesting to create groups within
other groups. For example, you may have a top-level group named Computers that contains a
member named R&D, which is a group. The R&D group may contain a member named
Domestic, which is a group, and so on.
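
The following is an added example, not APC's code or the appliance's actual algorithm: a small model of the Group query mode that flattens nested groups up to the 16-level limit and reports which groups grant a user access to a target. The directory contents, the names kvm-01, alice, bob and carol, and counting the starting group as level 1 are assumptions.

```python
from collections import deque

MAX_NESTING = 16  # manual: groups can be nested to a maximum of 16 levels

# Constructed directory: group name -> direct members. "Computers", "R&D"
# and "Domestic" follow the manual's example; the rest is made up.
DIRECTORY = {
    "Computers": ["R&D", "kvm-01"],   # kvm-01: hypothetical appliance name
    "R&D": ["Domestic", "alice"],
    "Domestic": ["bob", "R&D"],       # deliberate cycle back to R&D
}

def flatten(group, directory, max_depth=MAX_NESTING):
    """Return the non-group members reachable from `group`.

    Assumption: the starting group is level 1, so a group first reached
    at level max_depth + 1 is not opened.
    """
    leaves, seen = set(), set()
    queue = deque([(group, 1)])       # breadth-first: first visit is shallowest
    while queue:
        name, level = queue.popleft()
        if name in seen or level > max_depth:
            continue                  # cycle guard / nesting limit
        seen.add(name)
        for member in directory.get(name, ()):
            if member in directory:   # member is itself a group
                queue.append((member, level + 1))
            else:
                leaves.add(member)
    return leaves

def groups_granting(user, target, directory):
    """Groups whose flattened membership holds both the user and the target."""
    return sorted(g for g in directory
                  if {user, target} <= flatten(g, directory))

if __name__ == "__main__":
    # Audit view: which users reach kvm-01, and through which group.
    for user in ("alice", "bob", "carol"):
        print(user, groups_granting(user, "kvm-01", DIRECTORY))
```

Run against an export of the real groups, this kind of listing shows accounts such as bob that gain access only through nesting, which is where unintended access tends to go unnoticed.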