Tripp Lite B022-U08-IP Switch User Manual


 
35
7.2.3 Remote OSD Administration Tab
(
continued
)
7. Administration
(
continued
)
ToallowauthenticationandauthorizationviaLDAP/S,dothe
following:
1. Check the Enable LDAP Authentication checkbox.
2. SelectLDAPorLDAPS.
3. Determinewhethertoenableauthorizationornot.
• If the Enable Authorization checkboxischecked,theLDAP/S
server directly returns a ‘permission’ attribute and authorization
fortheaccountthatisloggingin.Withthisselection,theLDAP
schema must be extended.
• If the Enable Authorization checkboxisnotchecked,theLDAP/S
server indicates whether the account that is logging in is a
memberoftheKVMAdminGroupornot.Ifyes,theaccount
has full access rights. If no, the account has user access rights
(See the User Management section of this manual for details on
account permissions).
4. EntertheappropriateIPaddressandaccessportfortheLDAPor
LDAPSserverintheLDAPServerIPandPortelds.Thedefault
portnumberforLDAPis389,andis636forLDAPS.
5. In the Timeout (Seconds) field, enter the time in seconds that the
KVMwaitsforanLDAPorLDAPSserverreplybeforeittimesout.
6. ConsulttheLDAP/Sadministratorabouttheappropriate
entry for the LDAP Administrator DN field. For example, the
entrymightlooklikethis:cn=LDAPAdmin,ou=B022-U08-
IP,dc=tripplite,dc=com
7. In the LDAP Admin Passwordeld,keyintheLDAPadministrator’s
password.
8. In the Search DN field, set the distinguished name of the search base
(i.e. the domain name where the search starts for the user name).
Note: If the Enable Authorization checkbox is not checked, this field
must include the entry where the KVM Admin Group is created.
Consult the LDAP/S administrator about the appropriate entry for
this.
9. In the Admin Groupeld,keyinthegroupnameforKVM
administrator accounts. Note: If the Enable Authorization checkbox
is not checked, this field is used to authorize accounts that are
logging in. Accounts that are in this group have full access rights to
the KVM. Accounts that are not in this group have user access rights
to the KVM (See the UserManagementsection of this manual for
details on account permissions). Consult the LDAP/S administrator
about the appropriate entry for this.
10. OntheLDAPserver,settheaccessrightsforeachuser(The
followingsectionsdescribehowtocongureLDAP/Sforusewith
theKVMswitch).
ANMS – LDAP/S Configuration
ToallowauthenticationandauthorizationviaLDAPorLDAPS,the
activedirectory’sLDAPSchemamustbeextendedsothatanextended
attributenamefortheKVM—permission—isaddedasanoptional
attribute to the person class.
Note: Authentication refers to the identity verification of the person
logging into the KVM switch, whereas Authorization refers to the
assigning of device permissions.
InordertoconfiguretheLDAPserver,youwillhavetocompletethe
following procedures:
1. Install the Windows Support Tools.
2. InstalltheActiveDirectorySchemaSnap-In.
3. ExtendandUpdatetheActiveDirectorySchema.
Each of these procedures is described in the following sections:
Install the Windows Support Tools
1. On the Windows Server, open the Support Tools folder.
2. In the right panel of the dialog box that comes up, double click
SupTools.msi.
3. Follow along with the Installation Wizard to complete the
procedure.
Install the Active Directory Schema Snap-In
1. Open a Command prompt.
2. Keyinregsvr32 schmmgmt.dll to register schmmgmt.dll on your
computer.
3. Open the Start menu. Click Run and key in mmc /a. Click OK.
4. IntheFile menu of the screen that appears, click Add/Remove
Snap-in, and then click Add.
5. Under Available Standalone Snap-ins, double click Active
Directory Schema, click Close and then click OK.
6. Onthescreenyouarein,opentheFile menu and click Save.
7. When prompted where to save, specify the C:\Windows\system32
directory.
8. Keyinthefilename schmmgmt.msc.
9. ClickSave to complete the procedure.
Extend and Update the Active Directory Schema – Create a New
Attribute
1. Open Control Panel Administrative Tools Active Directory
Schema.
2. Intheleftpanelofthescreenthatcomesup,right-clickAttributes.
3. Select New Attribute.