Configuring and Using the TMM with LDAP / Active Directory




Lenovo ThinkServer
April 27, 2012, Version 1.0

Contents

Configuring and using the TMM with LDAP / Active Directory
Configuring the TMM to use LDAP
Configuring the LDAP Server
Configuring the LDAP Server Dynamically
Configuring the LDAP Server Manually
Configuring LDAP Search Parameters
Configuring Group Authentication
Binding to the LDAP Server
Configuring User Permissions

Configuring and using the TMM with LDAP / Active Directory

Using a Lightweight Directory Access Protocol (LDAP) server, the TMM can authenticate a user by querying an LDAP directory instead of using the local user repository in the TMM. LDAP can also be used to assign users to groups and to require group authentication in addition to user authentication. User authority levels can also be assigned using information found in the directory. When using LDAP to authenticate users, users must log in using the form: user@domain.com

Configuring the TMM to use LDAP

The TMM contains an LDAP client that provides user authentication through one or more LDAP servers. The following describes the procedure to configure the TMM to use a Windows Server 2008 R2 Active Directory server. After logging in to the TMM web interface, select LDAP from the navigation pane. The LDAP Configuration Page is displayed (see Figure 1).

Figure 1 - LDAP Configuration Page

To enable the TMM to use LDAP, check the Enable LDAP checkbox.

Configuring the LDAP Server

The LDAP servers used can either be configured dynamically, or the configuration information can be specified manually.

Configuring the LDAP Server Dynamically

To dynamically discover the LDAP server, select the Use DNS to find servers checkbox. The TMM uses the DNS SRV record, as specified by RFC 2782, to determine the location (that is, the hostname and port number) of the server. The following information is required:

- Domain Name for DNS SVR request
- Service Name

Specifying the Domain Name for DNS SVR request

The DNS SRV request that is sent to the DNS server must specify a domain name. The LDAP client determines where to get this domain name based on which Domain Source option is selected. Ensure the DNS server address is configured in the network configuration.

Use Domain from Login: The LDAP client uses the domain name extracted from the login ID. For example, if the login ID is LdapUser@test.tmm.com, the domain name is test.tmm.com. If the domain name cannot be obtained, the DNS SRV request will fail, causing the user authentication to fail.

Figure 2 - Use DNS to configure servers, specifying domain source from login

Use Configured Search Domain: The LDAP client uses the domain name that is configured in the Domain Name for DNS SVR request parameter. When using this option, enter the domain name to use in the Domain Name for DNS SVR request field.

Figure 3 - Use DNS to configure servers, preconfiguring domain source

Try Login Domain, then Configured: The LDAP client first attempts to extract the domain name from the login ID. If this is successful, this domain name is used in the DNS SRV request. If no domain name is present in the login ID, the LDAP client uses the configured Search Domain parameter as the domain name in the DNS SRV request. If nothing is configured, user authentication will fail.

Specifying the Service Name

The DNS SRV request that is sent to the DNS server must also specify a service name.

Service Name: The configured value is used. If nothing is entered in this field, the default value is ldap.

Configuring the LDAP Server Manually

If the LDAP server information will be specified manually, deselect the Use DNS to find servers checkbox. Enter the fully qualified host name or IP address and port number for at least one and up to three domain controllers. The default port number is 389.

Figure 4 - Configure LDAP servers manually

Configuring LDAP Search Parameters

The following fields must be specified:

Base Domain Name: Specify the distinguished name (DN) of the root entry of the directory tree on the LDAP server that should be used as the base object for all authentication searches. For Active Directory, this must be entered in dc=domain, dc=com format. For OpenLDAP, use the format dc=domain.com.

UID Search Object Value: The initial bind to the LDAP server is followed by a search request that retrieves specific information about the user, including the distinguished name, login permissions, and group membership. The search request must specify the attribute name that is used to represent user IDs on that server. Specify the search attribute here. With Active Directory servers, this attribute name is usually samaccountname. With OpenLDAP servers, it is usually uid.

Figure 5 - Base Domain Name and UID Search Object Value

Configuring Group Authentication

A TMM can be associated with one or more directory groups, and a user will only be authenticated if the user also belongs to at least one group that is associated with the TMM. To use group authentication, the following fields are used:

Group Filter: When the Group Filter field is configured, it specifies the groups to which the TMM belongs, and requires that the user belong to at least one of those groups for authentication to succeed. Nested groups are not supported. If the Group Filter field is left blank, group authentication is ignored. The Group Filter can consist of one or more group names, and authentication will succeed if the user is a member of at least one of the groups listed. Comparison of group names is case sensitive. Syntactically, group names must be separated by the colon (:) character. Leading and trailing spaces are ignored, but any other space is treated as part of the group name. Wildcards in the group name are allowed, although not in the first character position. For example, the group filter can be specified as a specific group name (GroupA) or a group name with a wildcard (Group*).

Figure 6 - LDAP Group Authentication, specifying that the user must be a member of either GroupB or GroupC

Group ID Attribute: This parameter specifies the attribute name that is used to identify the groups to which a user belongs. In Active Directory, this is usually memberof.
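The following is an added example (not Lenovo's TMM code) illustrating the Configuring the LDAP Server Dynamically section above: how a DNS-SRV based LDAP client turns the three Domain Source options and the Service Name into an RFC 2782 query name (for example _ldap._tcp.test.tmm.com), and how an SRV answer set is ordered before the first domain controller is tried. The option names 'login', 'configured' and 'login_then_configured' are assumed labels for the guide's three choices, and the SRV records are constructed sample data; no DNS lookup is performed.

```python
"""Added example, not Lenovo's TMM code: DNS SRV query-name construction for
the guide's three Domain Source options and RFC 2782 answer ordering.
The SRV records are constructed sample data; no DNS lookup is performed."""
from dataclasses import dataclass
import random


@dataclass(frozen=True)
class SrvRecord:
    priority: int
    weight: int
    port: int
    target: str  # domain controller hostname from the SRV record


# Constructed answer for _ldap._tcp.test.tmm.com (assumed zone, not real data).
SAMPLE_SRV = [
    SrvRecord(priority=0, weight=100, port=389, target="dc1.test.tmm.com"),
    SrvRecord(priority=0, weight=0, port=389, target="dc2.test.tmm.com"),
    SrvRecord(priority=10, weight=50, port=389, target="dc3.test.tmm.com"),
]


def domain_from_login(login_id):
    """Return the domain part of a user@domain login, or None if absent."""
    user, sep, domain = login_id.rpartition("@")
    if not sep or not user or not domain:
        return None
    return domain


def srv_query_name(login_id, domain_source, configured_domain="", service=""):
    """Build _<service>._tcp.<domain> for the selected Domain Source option.
    domain_source is 'login', 'configured' or 'login_then_configured'
    (assumed names for the guide's three choices); an empty Service Name
    falls back to the guide's default, ldap."""
    service = service or "ldap"
    if domain_source == "login":
        domain = domain_from_login(login_id)
    elif domain_source == "configured":
        domain = configured_domain
    elif domain_source == "login_then_configured":
        domain = domain_from_login(login_id) or configured_domain
    else:
        raise ValueError("unknown Domain Source option")
    if not domain:
        # As the guide states: no domain -> the SRV request fails -> login fails.
        raise LookupError("no domain name available for the DNS SRV request")
    return f"_{service}._tcp.{domain}"


def order_servers(records, rng=None):
    """Order SRV records as RFC 2782 prescribes: ascending priority, and within
    one priority a weighted random selection repeated until the group is empty.
    rng is injectable so the ordering can be checked deterministically."""
    rng = rng or random.Random()
    ordered = []
    for prio in sorted({r.priority for r in records}):
        group = [r for r in records if r.priority == prio]
        while group:
            # Weight-0 records go first so they are chosen only when the
            # random value is 0, which is the RFC 2782 selection rule.
            group.sort(key=lambda r: r.weight)
            total = sum(r.weight for r in group)
            pick = rng.randint(0, total)
            running = 0
            for rec in group:
                running += rec.weight
                if running >= pick:
                    ordered.append(rec)
                    group.remove(rec)
                    break
    return ordered


if __name__ == "__main__":
    print("query:", srv_query_name("LdapUser@test.tmm.com", "login"))
    for rec in order_servers(SAMPLE_SRV, random.Random(0)):
        print(f"try {rec.target}:{rec.port}")
```

The port comes from the SRV record rather than from the manual default of 389, which is why the dynamic path needs no port field; a record with weight 0 is still usable but is only selected ahead of weighted peers when the random draw is exactly 0, so it acts as a last-resort controller within its priority.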

Binding to the LDAP Server

Binding is the step where the LDAP server authenticates the client and, if the client is successfully authenticated, allows the client access to the LDAP server based on that client's privileges. These fields are required to authenticate with LDAP.

Binding Method: Before the LDAP server can be searched or queried, a bind request must be sent. This parameter controls how this initial bind to the LDAP server is performed. Choose one of the options from the Binding Method drop-down box:

Use anonymous bind: Bind without a distinguished name (DN) or password. Because most servers do not allow search requests on specific user records, this option is not recommended.

Use Configured Credentials: If this method is selected, specify the Client ID used with CC binding and the Client Password used with CC binding. The Client ID must be provided in fully qualified user@domain form (for example, LdapUser@test.TMM.com).

Figure 7 - Bind using configured credentials

Use Login Credentials: Bind with the credentials that are supplied during the login process. The user ID is provided as a fully qualified domain name.

Figure 8 - Bind using login credentials

Configuring User Permissions

Permissions define the role privileges the user has after login. The roles determined from the permission group are applied globally across all access methods available in the TMM (e.g. Web interface, IPMI over LAN, IPMI over Serial, and Serial over LAN). For example, in Active Directory, permissions are stored in the Description field of the user object (see Figure 9).

Permissions cannot be stored at the group level.

Figure 9 - Configuring Active Directory User Permissions

The attribute value that represents the user permissions is interpreted according to the information in Table 1:

Role            Permission Value
Administrator   111111111
Operator        111110011
User            000000001

Table 1 - User Permission Values

The TMM LDAP client must be configured to identify the location in the user object where the permission information is stored.

Attribute to query permission in group: This field specifies the attribute name that is associated with login permissions. This attribute must be specified, or the login will fail.

Figure 10 - Attribute to query permissions
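The following is an added example (not Lenovo's TMM code) that ties together the three post-bind steps the guide describes: the UID search (Configuring LDAP Search Parameters), the Group Filter test (Configuring Group Authentication) and the Table 1 permission mapping (Configuring User Permissions). It runs over a constructed Active Directory user entry; the attribute names sAMAccountName, memberOf and description follow the guide's examples, while the entry contents, the helper names and the RFC 4515 escaping of the login name (so that a login ID can never alter the search filter the client sends) are assumptions for illustration.

```python
"""Added example, not Lenovo's TMM code: UID search filter, Group Filter
evaluation and Table 1 role mapping over a constructed AD user entry."""
import re

ROLE_BY_PERMISSION = {  # Table 1 of the guide
    "111111111": "Administrator",
    "111110011": "Operator",
    "000000001": "User",
}


def escape_filter_value(value):
    """RFC 4515 escaping: *, (, ), backslash and NUL become \\xx sequences."""
    return "".join("\\%02x" % ord(ch) if ch in "*()\\\x00" else ch for ch in value)


def uid_search_filter(login_id, uid_attr="sAMAccountName"):
    """Filter for the search that follows the bind.  The TMM requires
    user@domain logins; only the local part is matched against the
    UID Search Object Value attribute."""
    user, sep, _domain = login_id.rpartition("@")
    if not sep or not user:
        raise ValueError("login must be of the form user@domain")
    return f"({uid_attr}={escape_filter_value(user)})"


def parse_group_filter(group_filter):
    """Colon-separated names; leading/trailing spaces dropped, inner kept."""
    return [n.strip() for n in group_filter.split(":") if n.strip()]


def group_matches(pattern, name):
    """Case-sensitive match; '*' is a wildcard but not in the first position."""
    if pattern.startswith("*"):
        raise ValueError("wildcard not allowed as first character of a group name")
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, name) is not None


def group_name_from_dn(dn):
    """Value of the first RDN of a memberOf DN (CN=GroupB,OU=...).  Commas
    escaped with a backslash stay inside the value; a full RFC 4514 parser
    is out of scope for this example."""
    first_rdn = re.split(r"(?<!\\),", dn, maxsplit=1)[0]
    _attr, _eq, value = first_rdn.partition("=")
    return value.replace("\\,", ",").strip()


def authorize(entry, group_filter, group_attr="memberOf", perm_attr="description"):
    """Return the role for a found user entry, or None when the login must fail.
    entry maps attribute names to lists of values, as an LDAP search returns."""
    if group_filter.strip():  # blank Group Filter -> group check is skipped
        patterns = parse_group_filter(group_filter)
        # Nested groups are not expanded: only direct memberOf values count.
        groups = [group_name_from_dn(dn) for dn in entry.get(group_attr, [])]
        if not any(group_matches(p, g) for p in patterns for g in groups):
            return None
    # Permission attribute missing or not one of the Table 1 values -> no role.
    for value in entry.get(perm_attr, []):
        if value in ROLE_BY_PERMISSION:
            return ROLE_BY_PERMISSION[value]
    return None


SAMPLE_USER = {  # constructed entry, not real directory data
    "sAMAccountName": ["LdapUser"],
    "memberOf": [
        "CN=GroupB,OU=Groups,DC=test,DC=tmm,DC=com",
        "CN=Domain Users,CN=Users,DC=test,DC=tmm,DC=com",
    ],
    "description": ["111110011"],
}

if __name__ == "__main__":
    print(uid_search_filter("LdapUser@test.tmm.com"))
    print(authorize(SAMPLE_USER, "GroupB:GroupC"))
```

Two failure modes from the guide are made explicit here: a user outside every listed group gets no role even though the bind succeeded, and a Description value that is not one of the three Table 1 strings also yields no role, so a mistyped permission string denies login rather than granting a partial privilege set.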