User's Manual

Using the CMC With Microsoft Active Directory
The Association property links together users or groups with a specific set of
privileges to one or more RAC devices. This model provides an Administrator
maximum flexibility over the different combinations of users, RAC privileges,
and RAC devices on the network without adding too much complexity.

Active Directory Object Overview

When there are two CMCs on the network that you want to integrate with
Active Directory for Authentication and Authorization, you must create at
least one Association Object and one RAC Device Object for each CMC. You
can create multiple Association Objects, and each Association Object can be
linked to as many users, groups of users, or RAC Device Objects as required.
The users and RAC Device Objects can be members of any domain in the
enterprise.

However, each Association Object can be linked to only one Privilege Object;
that is, it may link users, groups of users, or RAC Device Objects to only one
Privilege Object. This example allows an Administrator to control each user’s
privileges on specific CMCs.

The RAC Device object is the link to the RAC firmware for querying Active
Directory for authentication and authorization. When a RAC is added to the
network, the Administrator must configure the RAC and its device object
with its Active Directory name so users can perform authentication and
authorization with Active Directory. Additionally, the Administrator must add
the RAC to at least one Association Object in order for users to authenticate.

Figure 7-1 illustrates that the Association Object provides the connection
that is needed for all of the Authentication and Authorization.

NOTE: The RAC privilege object applies to DRAC 4, DRAC 5, and the CMC.

You can create as many or as few Association Objects as required. However,
you must create at least one Association Object, and you must have one RAC
Device Object for each RAC (CMC) on the network that you want to
integrate with Active Directory.
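
The object rules in this section can be audited before users are expected to log in. The following Python check is an added example, not Dell code or part of the original manual: it validates a planned set of objects against those rules and lists which Privilege Object reaches each user on each CMC. All object names, domains, and the dictionary layout are constructed for illustration, and group membership is expanded one level only as an assumption.

```python
from collections import defaultdict

# Constructed sample data: every object name and the dict layout are illustrative.
GROUPS = {"grp-ops": {"user1@a.example", "user2@b.example"}}
CMCS = {"cmc1", "cmc2", "cmc3", "cmc4"}   # CMCs to integrate with Active Directory
DEVICES = {"cmc1", "cmc2", "cmc3"}        # RAC Device Objects that exist
ASSOCIATIONS = {
    "AO1": {"members": {"grp-ops"}, "privileges": ["Priv1"], "devices": {"cmc1", "cmc2"}},
    "AO2": {"members": {"user3@a.example"}, "privileges": ["Priv2"], "devices": {"cmc1"}},
    "AO3": {"members": {"user3@a.example"}, "privileges": ["Priv1", "Priv2"], "devices": {"cmc2"}},
}

def validate(associations, devices, cmcs):
    """Return the rule violations found as readable strings."""
    problems = []
    if not associations:
        problems.append("no Association Object exists")
    for name, ao in sorted(associations.items()):
        if len(ao["privileges"]) > 1:
            problems.append(f"{name}: linked to {len(ao['privileges'])} Privilege Objects, only one is allowed")
        for dev in sorted(ao["devices"] - devices):
            problems.append(f"{name}: links {dev}, which has no RAC Device Object")
    associated = set().union(*(ao["devices"] for ao in associations.values()))
    for cmc in sorted(cmcs):
        if cmc not in devices:
            problems.append(f"{cmc}: no RAC Device Object")
        elif cmc not in associated:
            problems.append(f"{cmc}: in no Association Object, users cannot authenticate")
    return problems

def access_map(associations, groups):
    """Map (user, device) to the Privilege Objects that reach that user there."""
    reach = defaultdict(set)
    for ao in associations.values():
        if len(ao["privileges"]) != 1:
            continue  # skip objects that break the one-Privilege-Object rule
        users = set()
        for member in ao["members"]:
            users |= groups.get(member, {member})  # expand one level of group (assumption)
        for user in users:
            for dev in ao["devices"]:
                reach[(user, dev)].add(ao["privileges"][0])
    return dict(reach)

if __name__ == "__main__":
    for line in validate(ASSOCIATIONS, DEVICES, CMCS):
        print("PROBLEM", line)
    for (user, dev), privs in sorted(access_map(ASSOCIATIONS, GROUPS).items()):
        print(user, dev, sorted(privs))
```

A pair that shows more than one Privilege Object in the output is reached through several Association Objects and is worth reviewing for unintended access.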