User's Guide

Using the DRAC 5 With Microsoft Active Directory
Active Directory Schema Extensions
The Active Directory data is a distributed database of Attributes and Classes. The Active Directory
schema includes the rules that determine the type of data that can be added or included in the database.
The user class is one example of a Class that is stored in the database. Example user class attributes
include the user's first name, last name, phone number, and so on. Companies can extend the Active
Directory database by adding their own unique Attributes and Classes to solve environment-specific
needs. Dell has extended the schema to include the necessary changes to support remote management
Authentication and Authorization.
Each Attribute or Class that is added to an existing Active Directory Schema must be defined with a
unique ID. To maintain unique IDs across the industry, Microsoft maintains a database of Active
Directory Object Identifiers (OIDs) so that when companies add extensions to the schema, they can be
guaranteed to be unique and not to conflict with each other. To extend the schema in Microsoft's Active
Directory, Dell received unique OIDs, unique name extensions, and uniquely linked attribute IDs for our
attributes and classes that are added into the directory service.
Dell extension is: dell
Dell base OID is: 1.2.840.113556.1.8000.1280
RAC LinkID range is: 12070 to 12079
The Active Directory OID database maintained by Microsoft can be viewed at
http://msdn.microsoft.com/certification/ADAcctInfo.asp by entering our extension Dell.
Overview of the RAC Schema Extensions
To provide the greatest flexibility in the multitude of customer environments, Dell provides a group of
properties that can be configured by the user depending on the desired results. Dell has extended the
schema to include an Association, Device, and Privilege property. The Association property is used to link
together the users or groups with a specific set of privileges to one or more RAC devices. This model
provides an Administrator maximum flexibility over the different combinations of users, RAC privileges,
and RAC devices on the network without adding too much complexity.
Active Directory Object Overview
For each of the physical RACs on the network that you want to integrate with Active Directory for
Authentication and Authorization, create at least one Association Object and one RAC Device Object.
You can create multiple Association Objects, and each Association Object can be linked to as many users,
groups of users, or RAC Device Objects as required. The users and RAC Device Objects can be members
of any domain in the enterprise.
However, each Association Object can be linked to only one Privilege Object; that is, it may link users,
groups of users, or RAC Device Objects to only one Privilege Object. This example allows an Administrator
to control each user's privileges on specific RACs.
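
The linking model above can be audited mechanically. The following is an added example, not Dell's code and not part of the original guide: it models Association, RAC Device and Privilege Objects as plain dictionaries and reports which Privilege Object each user reaches on each RAC. All object, group and privilege names are constructed; this section does not say how a RAC combines grants from several Association Objects, so overlapping grants are only flagged for review.

```python
from collections import defaultdict

# Constructed sample data; every object and privilege name here is hypothetical.
GROUPS = {"grp-dc-ops": {"alice", "bob"}, "grp-helpdesk": {"carol", "grp-dc-ops"}}
PRIVILEGE_OBJECTS = {"priv-admin": {"login", "configure", "power"},
                     "priv-readonly": {"login"}}
ASSOCIATIONS = {
    "assoc-ops": {"members": {"grp-dc-ops"}, "devices": {"rac1", "rac2"},
                  "privilege": "priv-admin"},
    "assoc-help": {"members": {"grp-helpdesk", "dave"}, "devices": {"rac1"},
                   "privilege": "priv-readonly"},
}


def expand_members(members, groups):
    """Resolve users and (possibly nested) groups to a set of user names."""
    users, stack, seen = set(), list(members), set()
    while stack:
        name = stack.pop()
        if name in seen:
            continue  # guards against circular group nesting
        seen.add(name)
        if name in groups:
            stack.extend(groups[name])
        else:
            users.add(name)
    return users


def access_map(associations, groups, privilege_objects):
    """Map (user, device) -> {association name: privilege object name}."""
    result = defaultdict(dict)
    for assoc_name, assoc in associations.items():
        priv = assoc["privilege"]
        # Each Association Object links to only one Privilege Object, which must exist.
        if not isinstance(priv, str) or priv not in privilege_objects:
            raise ValueError(f"{assoc_name}: needs exactly one known Privilege Object")
        for user in expand_members(assoc["members"], groups):
            for device in assoc["devices"]:
                result[(user, device)][assoc_name] = priv
    return dict(result)


def overlapping_grants(amap):
    """Pairs reached through several associations with differing Privilege Objects."""
    return {pair: grants for pair, grants in amap.items()
            if len(set(grants.values())) > 1}
```

Users who appear in `overlapping_grants` reach the same RAC through more than one Association Object and are the first entries to check when reviewing who can manage a given device.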