35
7.2.3 Remote OSD Administration Tab
(
continued
)
7. Administration
(
continued
)
ToallowauthenticationandauthorizationviaLDAP/S,dothe
following:
1. Check the Enable LDAP Authentication checkbox.
2. SelectLDAPorLDAPS.
3. Determinewhethertoenableauthorizationornot.
• If the Enable Authorization checkboxischecked,theLDAP/S
server directly returns a ‘permission’ attribute and authorization
fortheaccountthatisloggingin.Withthisselection,theLDAP
schema must be extended.
• If the Enable Authorization checkboxisnotchecked,theLDAP/S
server indicates whether the account that is logging in is a
memberoftheKVMAdminGroupornot.Ifyes,theaccount
has full access rights. If no, the account has user access rights
(See the User Management section of this manual for details on
account permissions).
4. EntertheappropriateIPaddressandaccessportfortheLDAPor
LDAPSserverintheLDAPServerIPandPortelds.Thedefault
portnumberforLDAPis389,andis636forLDAPS.
5. In the Timeout (Seconds) field, enter the time in seconds that the
KVMwaitsforanLDAPorLDAPSserverreplybeforeittimesout.
6. ConsulttheLDAP/Sadministratorabouttheappropriate
entry for the LDAP Administrator DN field. For example, the
entrymightlooklikethis:cn=LDAPAdmin,ou=B022-U08-
IP,dc=tripplite,dc=com
7. In the LDAP Admin Passwordeld,keyintheLDAPadministrator’s
password.
8. In the Search DN field, set the distinguished name of the search base
(i.e. the domain name where the search starts for the user name).
Note: If the Enable Authorization checkbox is not checked, this field
must include the entry where the KVM Admin Group is created.
Consult the LDAP/S administrator about the appropriate entry for
this.
9. In the Admin Groupeld,keyinthegroupnameforKVM
administrator accounts. Note: If the Enable Authorization checkbox
is not checked, this field is used to authorize accounts that are
logging in. Accounts that are in this group have full access rights to
the KVM. Accounts that are not in this group have user access rights
to the KVM (See the UserManagementsection of this manual for
details on account permissions). Consult the LDAP/S administrator
about the appropriate entry for this.
10. OntheLDAPserver,settheaccessrightsforeachuser(The
followingsectionsdescribehowtocongureLDAP/Sforusewith
theKVMswitch).
ANMS – LDAP/S Configuration
ToallowauthenticationandauthorizationviaLDAPorLDAPS,the
activedirectory’sLDAPSchemamustbeextendedsothatanextended
attributenamefortheKVM—permission—isaddedasanoptional
attribute to the person class.
Note: Authentication refers to the identity verification of the person
logging into the KVM switch, whereas Authorization refers to the
assigning of device permissions.
InordertoconfiguretheLDAPserver,youwillhavetocompletethe
following procedures:
1. Install the Windows Support Tools.
2. InstalltheActiveDirectorySchemaSnap-In.
3. ExtendandUpdatetheActiveDirectorySchema.
Each of these procedures is described in the following sections:
Install the Windows Support Tools
1. On the Windows Server, open the Support Tools folder.
2. In the right panel of the dialog box that comes up, double click
SupTools.msi.
3. Follow along with the Installation Wizard to complete the
procedure.
Install the Active Directory Schema Snap-In
1. Open a Command prompt.
2. Keyinregsvr32 schmmgmt.dll to register schmmgmt.dll on your
computer.
3. Open the Start menu. Click Run and key in mmc /a. Click OK.
4. IntheFile menu of the screen that appears, click Add/Remove
Snap-in, and then click Add.
5. Under Available Standalone Snap-ins, double click Active
Directory Schema, click Close and then click OK.
6. Onthescreenyouarein,opentheFile menu and click Save.
7. When prompted where to save, specify the C:\Windows\system32
directory.
8. Keyinthefilename schmmgmt.msc.
9. ClickSave to complete the procedure.
Extend and Update the Active Directory Schema – Create a New
Attribute
1. Open Control Panel Administrative Tools Active Directory
Schema.
2. Intheleftpanelofthescreenthatcomesup,right-clickAttributes.
3. Select New Attribute.