APC AP5610 User Manual
Chapter 8: Configuring LDAP 102
The UID Mask field specifies the search criteria for User ID searches of LDAP target devices. The
format should be in the form <name>=<%1>. The default value is KVM server
moduleAccountName=%1, which is correct for use with Active Directory. This field is required for
LDAP searches.
format should be in the form <name>=<%1>. The default value is KVM server
moduleAccountName=%1, which is correct for use with Active Directory. This field is required for
LDAP searches.
To configure LDAP search parameters:
1.
Select Appliance — Authentication — Search.
2.
Enter the appropriate information in the Search DN, Search Password, Search Base and UID
Mask fields.
Mask fields.
3.
Click Save.
LDAP query parameters
Clicking the Query Parameters tab displays the parameters used when performing user
authentication queries.
authentication queries.
The KVM switch performs two different types of queries. Appliance query mode is used to
authenticate administrators attempting to access the KVM switch itself. Server query mode is used
to authenticate users attempting to access attached target devices.
authenticate administrators attempting to access the KVM switch itself. Server query mode is used
to authenticate users attempting to access attached target devices.
Additionally, each type of query has three modes that utilize information you configure in the
Query tab to determine whether a Network Access Software user has access to a KVM switch or to
connected target devices.
Query tab to determine whether a Network Access Software user has access to a KVM switch or to
connected target devices.
Configure the following settings in the Query tab:
•
The Appliance Query Mode determines whether a Network Access Software user has access to
the KVM switch.
the KVM switch.
•
The Server Query Mode determines whether a Network Access Software user has user access
to target devices connected to a KVM switch. The user does not have access to the KVM
switch.
to target devices connected to a KVM switch. The user does not have access to the KVM
switch.
•
The Group Container, Group Container Mask and Target Mask fields are only used for group
query modes and are required when performing a KVM switch or device query.
query modes and are required when performing a KVM switch or device query.
•
The Group Container field specifies the organizational unit (ou) created in Active Directory by
the administrator as the location for group objects. Group objects are Active Directory objects
that can contain users, computers, contacts and other groups. Group Container is used when
Query Mode is set to Group. Each group object is assigned members to associate with a
particular access level for member objects (people, KVM switches and target devices). The
access level associated with a group is configured by setting the value of an attribute in the
group object. For example, if the Notes property in the group object is used to implement the
access control attribute, the Access Control Attribute field in the Query tab should be set to
info. Setting the Notes property to KVM User Admin causes the members of that group to have
user administration access to the KVM switches and target devices that are also members of
that KVM server module group.
the administrator as the location for group objects. Group objects are Active Directory objects
that can contain users, computers, contacts and other groups. Group Container is used when
Query Mode is set to Group. Each group object is assigned members to associate with a
particular access level for member objects (people, KVM switches and target devices). The
access level associated with a group is configured by setting the value of an attribute in the
group object. For example, if the Notes property in the group object is used to implement the
access control attribute, the Access Control Attribute field in the Query tab should be set to
info. Setting the Notes property to KVM User Admin causes the members of that group to have
user administration access to the KVM switches and target devices that are also members of
that KVM server module group.