123 KVM Access Management Software User Manual
Example 2. By default, OpenLDAP supports only the Group has Member attribute setting for the
group-related schema. This was the setting used in Example 1. An alternative setting used by other
LDAP servers, User has Member Of attribute, is also supported under OpenLDAP by extending the schema.
In this example the external server is OpenLDAP on Windows Server 2003, as shown in
“LDAP/LDAPS - OpenLDAP Setting Example” on page 118.
1. Under the KVM ACCESS User Manager tab, select Authentication Services > Authentication Servers.
2. Select the OpenLDAP server; then click Group Authorization.
3. Click the User has Member Of attribute radio button.
4. Click Add (at the top-right of the panel).
5. In this example, add the groups1 group.
The OpenLDAP administrator then uses this name (groups1 in the example) to create a group under
OpenLDAP with the same name as the one just created on the KVM ACCESS server, as follows:
1. Open the core.schema file. Extend the schema as follows:
attributetype ( 1.2.840.113556.1.2.102
    NAME 'memberof'
    DESC 'RFC2256: member of a group'
    SUP distinguishedName )
objectclass ( 1.2.840.113556.1.5.9
    NAME 'person'
    SUP organizationalPerson
    STRUCTURAL
    MUST ( cn )
    MAY ( userPassword $ description $ sn $ mail $ memberof ) )
2. Edit the kvmaccessldap.ldif file to add a user account to the groups1 group as follows:
dn: cn=kvmaccesstest,ou=software,dc=apc,dc=com
objectclass: top
objectclass: person
objectclass: organizationalPerson
cn: kvmaccesstest
sn: kvmaccesstest
memberof: cn=groups1,ou=groups,dc=apc,dc=com
userPassword: apc
Note:
1. The entry after dn: cn= should be an actual user login name.
2. The entry after objectclass: should be consistent with the name that was entered for NAME in the
   extended schema.
3. The entry after memberof: cn= should be the name of an actual group created under Group
   Authorization (see Group Authorization, page 72) on the KVM ACCESS server.
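
A check of a user entry against the three notes above, run before the LDIF is loaded, as an added example (not code from the manual or the vendor). The function names, the `login` and `kvm_groups` parameters, and the trimmed sample inputs are assumptions made for illustration; the parser handles only simple, unfolded LDIF lines.

```python
import re
# Constructed inputs, trimmed from the manual's schema extension and LDIF entry.
SCHEMA = """\
objectclass ( 1.2.840.113556.1.5.9
    NAME 'person'
    SUP organizationalPerson
    STRUCTURAL
    MUST ( cn )
    MAY ( userPassword $ description $ sn $ mail $ memberof ) )
"""
LDIF = """\
dn: cn=kvmaccesstest,ou=software,dc=apc,dc=com
objectclass: top
objectclass: person
objectclass: organizationalPerson
cn: kvmaccesstest
memberof: cn=groups1,ou=groups,dc=apc,dc=com
"""

def parse_entry(ldif):
    """One LDIF entry -> {attribute (lowercased): [values]}; no base64 or folded lines."""
    entry = {}
    for attr, _, value in (l.partition(":") for l in ldif.splitlines() if l.strip()):
        entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entry

def classes_allowing(schema, attr):
    """Lowercased NAMEs of objectclass definitions whose MUST/MAY lists contain attr."""
    found = set()
    for block in re.split(r"(?mi)^(?=attributetype|objectclass)", schema):
        name = re.search(r"^objectclass.*?NAME\s+'([^']+)'", block, re.S | re.I)
        lists = re.findall(r"(?:MUST|MAY)\s*\(([^)]*)\)", block)
        if name and attr.lower() in {a.strip().lower() for l in lists for a in l.split("$")}:
            found.add(name.group(1).lower())
    return found

def rdn_value(dn):  # leftmost RDN value: 'cn=a,ou=b' -> 'a' (escaped commas not handled)
    return dn.split(",", 1)[0].partition("=")[2].strip().lower()

def check_entry(ldif, schema, login, kvm_groups):
    """Return the numbers of the manual's notes (1, 2, 3) that the entry fails."""
    e = parse_entry(ldif)
    classes = {c.lower() for c in e.get("objectclass", [])}
    groups = {rdn_value(m) for m in e.get("memberof", [])}
    ok = {
        1: rdn_value(e["dn"][0]) == login.lower(),
        2: bool(classes_allowing(schema, "memberof") & classes),
        3: bool(groups) and groups <= {g.lower() for g in kvm_groups},
    }
    return [note for note, passed in ok.items() if not passed]
```

An empty list from `check_entry(LDIF, SCHEMA, "kvmaccesstest", ["groups1"])` means the entry is consistent with all three notes; `kvm_groups` is the list of group names added under Group Authorization on the KVM ACCESS server.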