Installation Manual

Using the iDRAC6 Directory Service
Generic LDAP Directory Service
iDRAC6 provides a generic solution to support Lightweight Directory Access
Protocol (LDAP) based authentication. This feature does not require any
schema extension on your directory services.
To make the iDRAC6 LDAP implementation generic, the commonality
between different directory services is used to group users and then map
the user-group relationship. The part that is specific to each directory
service is the schema. For example, directory services may have different
attribute names for the group, the user, and the link between the user and
the group. These attribute names can be configured in iDRAC6.
Login Syntax (Directory User versus Local User)
Unlike Active Directory, special characters ("@", "\", and "/") are not used to
differentiate an LDAP user from a local user. The login user should only enter
the user name, excluding the domain name. iDRAC6 takes the user name as
is and does not break it down to the user name and user domain. When
generic LDAP is enabled, iDRAC6 first tries to log in the user as a directory
user. If it fails, local user lookup is enabled.
NOTE: There is no behavior change on the Active Directory login syntax. When
generic LDAP is enabled, the GUI login page displays only "This iDRAC" in the
drop-down menu.
NOTE: "<" and ">" characters are not allowed in the user name for OpenLDAP and
OpenDS based directory services.
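
Added example (not from the manual and not iDRAC6 firmware code): a sketch of how a generic LDAP client can keep the user, group, and user-group link attribute names configurable, use the login name as is, and escape it per RFC 4515 before it reaches a search filter. SchemaMap, the function names, and the sample mappings and DN are assumptions made for illustration.

```python
from dataclasses import dataclass

# RFC 4515 search-filter metacharacters and their escaped forms.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


@dataclass(frozen=True)
class SchemaMap:
    """Attribute names that differ per directory service (hypothetical type)."""
    user_attr: str      # attribute that holds the login name
    group_class: str    # objectClass of group entries
    member_attr: str    # attribute linking a group to its users
    member_is_dn: bool  # True: link stores the user's DN; False: the bare name


# Constructed sample mappings using standard schema names.
POSIX = SchemaMap("uid", "posixGroup", "memberUid", member_is_dn=False)
NAMES = SchemaMap("uid", "groupOfNames", "member", member_is_dn=True)


def escape_filter_value(value: str) -> str:
    """Escape a value so it cannot alter the structure of a search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def check_login_name(name: str) -> str:
    """Reject empty names and the "<" / ">" characters the manual disallows."""
    if not name or any(ch in "<>" for ch in name):
        raise ValueError("user name is empty or contains '<' or '>'")
    return name


def user_filter(schema: SchemaMap, login: str) -> str:
    """Filter that finds the user entry; the name is used as is, never split."""
    return f"({schema.user_attr}={escape_filter_value(check_login_name(login))})"


def group_filter(schema: SchemaMap, login: str, user_dn: str) -> str:
    """Filter that finds the groups linked to the user under this schema."""
    link = user_dn if schema.member_is_dn else check_login_name(login)
    return (f"(&(objectClass={schema.group_class})"
            f"({schema.member_attr}={escape_filter_value(link)}))")


if __name__ == "__main__":
    dn = "uid=alice,ou=people,dc=example,dc=com"  # constructed sample DN
    for schema in (POSIX, NAMES):
        print(user_filter(schema, "alice"), group_filter(schema, "alice", dn))
```

The same login name yields different group filters under the two mappings, which is the schema-specific part that has to be configured per directory service.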
Configuring Generic LDAP Directory Service Using the iDRAC6 Web-Based Interface
1. Open a supported Web browser window.
2. Log in to the iDRAC6 Web-based interface.
3. Go to iDRAC Settings→ Network/Security tab→ Directory Service tab→ Generic LDAP Directory Service.
   The Generic LDAP Configuration and Management page displays the
   current iDRAC6 generic LDAP settings. Scroll to the bottom of the
   Generic LDAP Configuration and Management page, and click
   Configure Generic LDAP.