Administrator Guide

Fabric OS Administrator’s Guide 183
53-1002920-02
Remote authentication
6
Assigning the group (role) to the user
To assign the user to a group in Active Directory, refer to www.microsoft.com or Microsoft
documentation. If you have a user-defined group, use the ldapCfg --maprole ldap_role_name
switch_role command to map LDAP server permissions to one of the default roles available on a
switch. Alternatively, update the memberOf field with the login permissions (root, admin,
switchAdmin, user, and so on) that the user must use to log in to the switch.
Adding an Admin Domain or Virtual Fabric list
1. From the Windows Start menu, select Programs > Administrative Tools > ADSI.msc.
ADSI is a Microsoft Windows Resource Utility. This utility must be installed to proceed with the
rest of the setup. For Windows 2003, this utility comes with Service Pack 1 or you can
download this utility from the Microsoft website.
2. Go to CN=Users.
3. Select Properties. Click the Attribute Editor tab.
4. Double-click the adminDescription attribute.
The String Attribute Editor dialog box displays.
NOTE
The attribute can be added to user objects only.
5. Perform the appropriate action based on whether you are using Administrative Domains or
Virtual Fabrics:
• If you are using Administrative Domains, enter the values of the Admin Domains separated
by an underscore ( _ ) into the Value field.
Example for adding Admin Domains
adlist_0_10_200_endAd
The home Admin Domain (homeAD) for the user is the first value in the adlist (Admin
Domain list). If a user has no values assigned in the adlist attribute, homeAD "0" is the
default Admin Domain for the user.
• If you are using Virtual Fabrics, enter the values of the logical fabrics separated by a
semicolon ( ; ) into the Value field.
Example for adding Virtual Fabrics
HomeLF=10;LFRoleList=admin:128,10;ChassisRole=admin
In this example, the user logs in to logical switch 10 by default. If 10 is not available,
the lowest available FID is chosen. The user has permission to enter logical switches 128
and 10 in the admin role, and also has the chassis role permission of admin.
NOTE
You can perform batch operations using the Ldifde.exe utility. For more information on
importing and exporting schemas, refer to your Microsoft documentation or visit
www.microsoft.com.
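The following Python sketch is an added example, not part of the Fabric OS guide or any Brocade tool. It decodes an adminDescription value into the switch access it grants, for reviewing exported user objects. The function names and returned dictionary layout are hypothetical, and the parser accepts only the two value forms shown in this section, rejecting anything else.

```python
import re

# Strict form of the Admin Domain example: adlist_<AD>_<AD>..._endAd
ADLIST_RE = re.compile(r"^adlist((?:_\d+)*)_endAd$")
VF_KEYS = ("HomeLF", "LFRoleList", "ChassisRole")

def parse_admin_description(value):
    """Decode an adminDescription string into the access it grants."""
    value = (value or "").strip()
    if not value:
        # No values assigned: home Admin Domain defaults to 0.
        return {"mode": "AD", "home_ad": 0, "ad_list": []}
    match = ADLIST_RE.match(value)
    if match:
        ads = [int(x) for x in match.group(1).split("_") if x]
        # The first value in the adlist is the home Admin Domain.
        return {"mode": "AD", "home_ad": ads[0] if ads else 0, "ad_list": ads}
    fields = {}
    for part in value.split(";"):
        key, sep, val = part.partition("=")
        if not sep or key not in VF_KEYS or key in fields:
            raise ValueError(f"unexpected field: {part!r}")
        fields[key] = val
    if not fields.get("HomeLF", "").isdigit():
        raise ValueError("HomeLF must be a numeric FID")
    role, sep, fids = fields.get("LFRoleList", "").partition(":")
    if not sep or not role or not all(f.isdigit() for f in fids.split(",")):
        # Only the role:fid,fid form from the example is accepted here.
        raise ValueError("LFRoleList must look like role:fid,fid")
    return {
        "mode": "VF",
        "home_lf": int(fields["HomeLF"]),
        "lf_roles": {int(f): role for f in fids.split(",")},
        "chassis_role": fields.get("ChassisRole"),
    }

def default_login_fid(access, available_fids):
    """HomeLF if it is available, otherwise the lowest available FID."""
    if access["home_lf"] in available_fids:
        return access["home_lf"]
    return min(available_fids)

if __name__ == "__main__":
    # Constructed input: the two example values from this section.
    for sample in ("adlist_0_10_200_endAd",
                   "HomeLF=10;LFRoleList=admin:128,10;ChassisRole=admin"):
        print(sample, "->", parse_admin_description(sample))
```

Running it over values exported with Ldifde gives a quick list of which accounts hold the admin role on which logical switches or chassis.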