Avocent 3008/3016 User Manual
62 AutoView 3008/3016 Switch Installer/User Guide
each type of query has three modes that utilize certain types of information to determine whether or
not an LDAP user has access to an appliance or connected target devices.
not an LDAP user has access to an appliance or connected target devices.
You can configure the following settings on the LDAP Query Page:
•
The Query Mode (Appliance) parameters determine whether or not a user has access to the
appliance.
appliance.
•
The Query Mode (Server) parameters determine whether a user has user access to servers
connected to an appliance. The user does not have access to the appliance, unless granted by
Query Mode (Appliance).
connected to an appliance. The user does not have access to the appliance, unless granted by
Query Mode (Appliance).
•
The Group Container, Group Container Mask and Target Mask fields are only used for group
query modes and are required when performing an appliance or device query.
query modes and are required when performing an appliance or device query.
•
The Group Container field specifies the organizational unit (ou) created in Active Directory by
the administrator as the location for group objects. Group objects are Active Directory objects
that can contain users, computers, contacts and other groups. Group Container is used when
Query Mode is set to Group Attribute. Each group object, in turn, is assigned members to
associate with a particular access level for member objects (people, appliances and target
devices). The access level associated with a group is configured by setting the value of an
attribute in the group object. For example, if the Notes property in the group objects is used to
implement the access control attribute, the Access Control Attribute field on the LDAP Query
Page should be set to info. Setting the Notes property to KVM User Admin causes the
members of that group to have user administration access to the appliances and target devices
that are also members of that same group.
the administrator as the location for group objects. Group objects are Active Directory objects
that can contain users, computers, contacts and other groups. Group Container is used when
Query Mode is set to Group Attribute. Each group object, in turn, is assigned members to
associate with a particular access level for member objects (people, appliances and target
devices). The access level associated with a group is configured by setting the value of an
attribute in the group object. For example, if the Notes property in the group objects is used to
implement the access control attribute, the Access Control Attribute field on the LDAP Query
Page should be set to info. Setting the Notes property to KVM User Admin causes the
members of that group to have user administration access to the appliances and target devices
that are also members of that same group.
•
The Group Container Mask field defines the object type of the Group Container, which is
normally an organizational unit. The default value is “ou=%1”.
normally an organizational unit. The default value is “ou=%1”.
•
The Target Mask field defines a search filter for the target device. The default value is
“cn=%1”.
“cn=%1”.
•
The Access Control Attribute field specifies the name of the attribute that is used when the
query modes are set to User Attribute or Group Attribute. The default value is info.
query modes are set to User Attribute or Group Attribute. The default value is info.
To configure LDAP query parameters:
1.
Select Configure-Appliance-Authentication-Search.
2.
Select either Basic, User Attribute or Group Attribute for the Appliance Query Mode and the
Server Query Mode.
Server Query Mode.
3.
Enter the appropriate information in the Group Container, Group Container Mask, Target Mask
and Access Control Attribute fields.
and Access Control Attribute fields.
4.
Click Save.
NOTE: These options cannot be changed if the LDAP Priority is set to LDAP Disabled on the Overview screen.
Appliance and Server Query Modes
One of three modes can each be used for Query Mode (Appliance) and Query Mode (Server):