Raritan Computer DKX116 User Manual
C
HAPTER
3:
A
DMINISTRATIVE
F
UNCTIONS
41
• Certificate File: Consult your authentication server administrator for the appropriate values
to type into this field in order to process LDAP authentication queries from Dominion KX.
Returning User Group Information via LDAP
When an LDAP authentication attempt succeeds, Dominion KX determines the permissions for a
given user based on the permissions of the user’s group. Your remote LDAP server can provide
these user group names by returning an attribute named as follows:
When an LDAP authentication attempt succeeds, Dominion KX determines the permissions for a
given user based on the permissions of the user’s group. Your remote LDAP server can provide
these user group names by returning an attribute named as follows:
rciusergroup
attribute type: string
This may require a schema extension on your LDAP server. Please consult your authentication
server administrator to enable this attribute.
server administrator to enable this attribute.
Returning User Group Information from Microsoft Active Directory
Returning user group information from Microsoft’s Active Directory for Windows 2000 Server
requires updating the LDAP schema. This should be attempted only by an experienced Active
Directory administrator. Please refer to your Microsoft documentation for more detail.
1. Install the schema plug-in for Active Directory – please refer to Microsoft Active Directory
documentation for instructions.
2. Run Active Directory Console and select Active Directory Schema.
Setting the Registry to Permit Write Operations to the Schema
To allow a domain controller to write to the schema, you must set a registry entry that permits
schema updates.
schema updates.
1. Right-click the Active Directory Schema root node in the left pane of the window, and then
click Operations Master.
2. Click on the check box before The Schema may be modified on this Domain Controller.
3. Click OK.
3. Click OK.