49
7. Administration
(
continued
)
7.3.4 ANMS
(
continued
)
7. Click OK. When you return to the attribute editor page, the
B022-U08-IP-AccessRightentrynowreflectsthenewpermissions.
8. AfterenteringinthedesiredKVMpermissionattributevalue,click
Apply to save the change and complete the procedure.
9. RepeatthesestepsforanyotherusersyouwishtoassignKVM
permissions to.
OpenLDAP Server
OpenLDAPisanopensourceLDAPserverdesignedforUNIX
platforms. A Windows version can be downloaded from: http://
download.bergmans.us/openldap/openldap-2.2.29/openldap-2.2.29-db-
4.3.29-openssl-.9.8awin32_Setup.exe.
OpenLDAP Server Installation
After downloading the program, launch the installer, select your
language, accept the license and choose the target installation directory.
The default directory is:
c:\Program Files\OpenLDAP.
When the Select Components dialog box appears, select install BDB-
tools and install OpenLDAP-slapd as NT service options.
OpenLDAP Server Configuration
ThemainOpenLDAPconfigurationfile,slapd.conf,hastobe
customized before launching the server. The modifications to the
configuration file will do the following:
• Specifytheunicodedatadirectory.Thedefaultis./ucdata.
• ChoosetherequiredLDAPschemas.Thecoreschemaismandatory.
• ConfigurethepathfortheOpenLDAPpid and args start up files.
The first contains the server pid, the second includes command line
arguments.
• Choosethedatabasetype.Thedefaultisbdb (Berkeley DB).
• Specifytheserversuffix.Allentriesinthedirectorywillhavethis
suffix, which represents the root of the directory tree. For example,
with suffix dc=tripplite,dc=com, the fully qualified name of all
entries in the database will end with dc=tripplite,dc=com.
• Definethenameoftheadministratorentryfortheserver(rootdn),
along with its password (rootpw). This is the server’s super user. The
rootdn name must match the suffix defined above. (Since all entry
names must end with the defined suffix, and the rootdn is an entry.)
An example configuration file is provided:
Starting the Open LDAP Server
TostarttheOpenLDAPServer,runslapd(theOpenLDAPServer
executable file) from the command line. slapd supports a number of
command line options, the most important option is the d switch that
triggers debug information. For example, a command of slapd -d 256
wouldstartOpenLDAPwithadebuglevelof256,asshowninthe
following screenshot:
Note: For details about slapd options and their meanings, refer to the
OpenLDAP documentation.
Customizing the OpenLDAP Schema
The schema that slapd uses may be extended to support additional
syntaxes, matching rules, attribute types and object classes. In the case
oftheKVM,theUser class and the permission attribute are extended
to define a new schema. The extended schema file used to authenticate
andauthorizeusersloggingintotheKVMswitchisshowninthe
figure below.