Chapter 8: Configuring LDAP 104
To configure LDAP query parameters:
1. Select Appliance — Authentication — Query.
2. Select Basic, User Attribute or Group Attribute for the Appliance Query Mode and the Server
Query Mode.
3. Enter the appropriate information in the Group Container, Group Container Mask, Target Mask
and Access Control attribute fields.
4. Click Save.
NOTE: These options cannot be changed if the LDAP Priority is set to LDAP Disabled on the Overview screen.
Setting up Active Directory for performing queries
Before you can use any of the querying modes for units, you must first make changes to Active
Directory so that the selected querying mode can assign the applicable authorization level for the
Network Access Software user.
To set up group queries:
1. Log into Windows with administrator privileges.
2. Open Active Directory software.
3. Create an organizational unit to be used as a group container.
4. Create an object in Active Directory with a name identical to the switching system name for
querying KVM switches (specified in the Name field in the SNMP category of the Configure
tab), or identical to the attached target devices for querying servers (specified in the Servers
category). The name must match exactly and is case-sensitive.
5. The KVM switch names and server names used for group queries are stored in the KVM
switch. The KVM switch name and server names specified in the SNMP and Servers
categories must identically match the object names in Active Directory. Each KVM switch
name and target device name may be comprised of any combination of upper-case and lower-
case letters (a-z, A-Z), digits (0-9) and hyphens (-). You cannot use spaces and periods (.) or
create a name that consists entirely of digits.
6. Create one or more groups under the organizational unit you created in step 3.
7. Add the user names and server and KVM switch objects to the groups you created in Step 5.
8. Specify the value of any attribute being used to implement the access control attribute. For
example, if you are using info as the attribute in the Access Control Attribute field and using
the Notes property in the group object to implement the access control attribute, the value of
the Notes attribute in Active Directory may be set to one of the three available access levels
(Device User, Administrator, or Read-Only User) for the group object. The members of the
group may then access the KVM switches and servers at the specified access level.