Dell 2321DS Switch User Manual


 
205 LDAP Feature for the Remote Console Switch
Using Dell Association Objects Syntax
Using the Dell Association Objects syntax, object types default to User and
Group in the Dell LDAP Schema. In the Dell Extended Schema, Dell has
added unique Object IDs for four new object classes:
KVM Appliance Objects
•KVM SIP Objects
•Privilege Objects
Association Objects
Each of these new object classes is defined in terms of various combinations
(hierarchies) of default Active Directory classes, together with Dell unique
attribute types. Each of the Dell unique attribute types is defined in terms of
a default Active Directory attribute syntax.
The default Microsoft Active Directory object classes used include User and
Group. The User class generally denotes Active Directory objects that contain
information about single entities. The Group class represents containers used
for nesting and contain information about collections of objects.
Each KVM Appliance Object represents an individual Remote Console
Switch within Active Directory. Since these are single entities, in the LDAP
default language they are User objects rather than Group objects.
Each Privilege Object defines a distinct composite set of privileges. Each set
is treated as a discrete entity, therefore it is a User object rather than a Group
object.
An Association Object contains a collection of information about the
privileges granted to a specific user accounts with respect to a specific
appliance (or appliances) and/or specific SIP (or SIPs). User accounts in an
Appliance Object may be specified in terms of any combination of the
following:
Individual account
Active Directory security group of user accounts
Multiple Active Directory security groups of user accounts
Similarly, for the appliances and/or SIPs in an Association Object and because
the Association Object has the ability to use security groups in the same way,
it is defined as a group object itself.