Installation Manual
Using the iDRAC6 Directory Service 183
3
Disable certificate validation if you choose to trust this domain controller
without certificate validation during the SSL handshake.
I am using extended schema in a multiple domain environment. How
should I configure the domain controller address(es)?
This should be the host name (FQDN) or the IP address of the domain
controller(s) that serves the domain in which the iDRAC6 object resides.
When do I need to configure Global Catalog Address(es)?
If you are using extended schema, the Global Catalog Address is not used.
If you are using standard schema and users and role groups are from different
domains, Global Catalog Address(es) are required. In this case, only Universal
Group can be used.
If you are using standard schema and all the users and all the role groups are
in the same domain, Global Catalog Address(es) are not required.
How does standard schema query work?
iDRAC6 connects to the configured domain controller address(es) first, if the
user and role groups are in that domain, the privileges will be saved.
If Global Controller Address(es) is configured, iDRAC6 continues to query
the Global Catalog. If additional privileges are retrieved from the Global
Catalog, these privileges will be accumulated.
Does iDRAC6 always use LDAP over SSL?
Yes. All the transportation is over secure port 636 and/or 3269.
During test setting, iDRAC6 does a LDAP CONNECT only to help isolate
the problem, but it does not do an LDAP BIND on an insecure connection.
Why does iDRAC6 enable certificate validation by default?
iDRAC6 enforces strong security to ensure the identity of the domain
controller that iDRAC6 connects to. Without certificate validation, a hacker
could spoof a domain controller and hijack the SSL connection. If you choose
to trust all the domain controllers in your security boundary without
certificate validation, you can disable it through the GUI or the CLI.
Does iDRAC6 support the NetBIOS name?
Not in this release.