Users Guide
NOTE: For information about the various elds, see the
Online Help
.
• Common Settings
• Server to use with LDAP:
– Static server — Specify the FQDN or IP address and the LDAP port number.
– DNS server — Specify the DNS server to retrieve a list of LDAP servers by searching for their SRV record within the
DNS.
The following DNS query is performed for SRV records:
_[Service Name]._tcp.[Search Domain]
where <Search Domain> is the root level domain to use within the query and <Service Name> is the service
name to use within the query.
For example:
_ldap._tcp.dell.com
where ldap is the service name and dell.com is the search domain.
4. Click Apply to save the settings.
NOTE: You must apply the settings before continuing. If you do not apply the settings, the settings are lost when
you navigate to the next page.
5. In the Group Settings section, click a Role Group.
6. On the Congure LDAP Role Group page, specify the group domain name and privileges for the role group.
7. Click Apply to save the role group settings, click Go Back To Conguration page, and then select Generic LDAP.
8. If you have selected Certicate Validation Enabled option, then in the Manage Certicates section, specify the CA certicate
to validate the LDAP server certicate during SSL handshake and click Upload. The certicate is uploaded to CMC and the
details are displayed.
9. Click Apply.
The generic LDAP directory service is congured.
Conguring Generic LDAP Directory Service Using RACADM
To congure the LDAP directory service, use the objects in cfgLdap and cfgLdapRoleGroup RACADM groups.
There are many options to congure LDAP logins. In most of the cases, some options can be used with their default settings.
NOTE: It is highly recommended to use the racadm testfeature -f LDAP command to test the LDAP settings for
rst time setups. This feature supports both IPv4 and IPv6.
The required property changes include enabling LDAP logins, setting the server FQDN or IP, and conguring the base DN of the
LDAP server.
• $ racadm config -g cfgLDAP -o cfgLDAPEnable 1
• $ racadm config -g cfgLDAP -o cfgLDAPServer 192.168.0.1
• $ racadm config -g cfgLDAP -o cfgLDAPBaseDN dc=
company,dc=com
CMC can be congured to optionally query a DNS server for SRV records. If the cfgLDAPSRVLookupEnable property is enabled,
the cfgLDAPServer property is ignored. The following query is used to search the DNS for SRV records:
_ldap._tcp.domainname.com
ldap in the above query is the cfgLDAPSRVLookupServiceName property.
cfgLDAPSRVLookupDomainName is congured to be domainname.com.
For more information about the RACADM commands, see the Chassis Management Controller for PowerEdge VRTX RACADM
Command Line Reference Guide available at dell.com/support/manuals.
129