Users Guide

188 Fabric OS Administrator’s Guide
53-1002920-02
Remote authentication
6
1. In a schema file, assign the brcdAdVfData attribute to a user class.
The following sample schema file defines a new objectClass named “user” with optional
attributes “brcdAdVfData” and “description”.
# New attribute brcdAdVfData
attributetype ( 1.3.6.1.4.1.8412.100
    NAME ( 'brcdAdVfData' )
    DESC 'Brocade specific data for LDAP authentication'
    EQUALITY caseIgnoreIA5Match
    SUBSTR caseIgnoreIA5SubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

objectclass ( 1.3.6.1.4.1.8412.110 NAME 'user'
    DESC 'Brocade switch specific person'
    SUP top AUXILIARY
    MAY ( brcdAdVfData $ description ) )
2. Include the schema file in the slapd.conf file.
The following example slapd.conf line assumes that local.schema contains the attribute
definition provided in step 1.
include /usr/local/etc/openldap/schema/local.schema
3. Include the brcdAdVfData attribute in a user entry in the LDAP directory.
If you are using Administrative Domains, enter the value of each Admin Domain separated by
an underscore ( _ ). Each number represents the number of the Admin Domain to which the
user has access. The first such number represents the user’s Home domain.
Example for adding Admin Domains
In the following example, the user is granted access to Admin Domains 0, 10, and 200. Admin
Domain 0 is the domain that the user initially logs in to.
brcdAdVfData: adlist_0_10_200_endAd
If you are using Virtual Fabrics, enter the value of the logical fabrics to which the user has
access. Up to three value fields can be specified, separated by semicolons ( ; ):
- The HomeLF field specifies the user’s home Logical Fabric.
- The LFRoleList field specifies the additional Logical Fabrics to which the user has access
and the user’s access permissions for those Logical Fabrics. Logical Fabric numbers are
separated by commas ( , ). A hyphen ( - ) indicates a range.
- The ChassisRole field designates the permissions that apply to the ChassisRole subset of
commands.
Example for adding Virtual Fabrics
In the following example, the logical switch logged in to by default is 10. If 10 is not
available, the lowest available FID is chosen. The user is given permission to enter logical
switches 1 through 128 in the admin role and is also given the chassis role permission of
admin.
brcdAdVfData: HomeLF=10;LFRoleList=admin:1-128;ChassisRole=admin
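The following is an added example (not part of the Fabric OS guide or the Brocade LDAP schema) that parses and sanity-checks both brcdAdVfData formats described above, so a directory administrator can validate an entry before loading it into LDAP. The numeric limits it enforces (Admin Domains 0 through 255, FIDs 1 through 128) are assumptions, and it accepts a single role:fids pair in LFRoleList as shown in the example above.

```python
import re

# Added example, not from the Fabric OS guide: parse and sanity-check the two
# brcdAdVfData value formats before the entry is loaded into LDAP.
# The numeric limits (Admin Domains 0-255, FIDs 1-128) are assumptions.
AD_RE = re.compile(r"^adlist(?:_\d+)+_endAd$")
VF_FIELDS = {"HomeLF", "LFRoleList", "ChassisRole"}

def parse_ad_list(value):
    """'adlist_0_10_200_endAd' -> (home_ad, [ads]); the first AD is the Home domain."""
    if not AD_RE.match(value):
        raise ValueError("bad Admin Domain list syntax: %r" % value)
    ads = [int(x) for x in value[len("adlist_"):-len("_endAd")].split("_")]
    if any(not 0 <= ad <= 255 for ad in ads):
        raise ValueError("Admin Domain outside assumed range 0-255")
    return ads[0], ads

def expand_fids(spec):
    """'1-3,10' -> {1, 2, 3, 10}: commas separate items, a hyphen marks a range."""
    fids = set()
    for item in spec.split(","):
        lo, _, hi = item.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 128:
            raise ValueError("FID item outside assumed range 1-128: %r" % item)
        fids.update(range(lo, hi + 1))
    return fids

def parse_vf_data(value):
    """'HomeLF=10;LFRoleList=admin:1-128;ChassisRole=admin' -> dict of parsed fields."""
    fields = {}
    for part in filter(None, value.split(";")):
        name, sep, val = part.partition("=")
        if not sep or name not in VF_FIELDS or name in fields:
            raise ValueError("unknown, malformed or duplicate field: %r" % part)
        fields[name] = val
    result = {"HomeLF": None, "LFRole": None, "LFs": set(), "ChassisRole": None}
    if "HomeLF" in fields:
        result["HomeLF"] = int(fields["HomeLF"])
    if "LFRoleList" in fields:
        # one role:fids pair, e.g. admin:1-128 (single pair assumed)
        role, sep, spec = fields["LFRoleList"].partition(":")
        if not sep or not role:
            raise ValueError("LFRoleList must have the form role:fids")
        result["LFRole"], result["LFs"] = role, expand_fids(spec)
    result["ChassisRole"] = fields.get("ChassisRole")
    return result
```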
The following fragment from a file named test4.ldif provides an entry for a user with Virtual Fabric
access roles.
# Organizational Role for Users
dn: cn=Users,dc=mybrocade,dc=com