Cisco Systems 1.2 Manual De Usuario
distinguishedName: CN=CiscoAVPair,CN=Schema,CN=Configuration,CN=X
instanceType: 0x4
uSNCreated: 26318654
attributeID: 1.3.6.1.4.1.9.287247.1
attributeSyntax: 2.5.5.12
isSingleValued: TRUE
showInAdvancedViewOnly: TRUE
adminDisplayName: CiscoAVPair
adminDescription: UCS User Authorization Field
oMSyntax: 64
lDAPDisplayName: CiscoAVPair
name: CiscoAVPair
objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,CN=X
instanceType: 0x4
uSNCreated: 26318654
attributeID: 1.3.6.1.4.1.9.287247.1
attributeSyntax: 2.5.5.12
isSingleValued: TRUE
showInAdvancedViewOnly: TRUE
adminDisplayName: CiscoAVPair
adminDescription: UCS User Authorization Field
oMSyntax: 64
lDAPDisplayName: CiscoAVPair
name: CiscoAVPair
objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,CN=X
LDAP Providers
You can configure remote users, assign roles and locales from Cisco UCS Central the same way as you can
create LDAP users from Cisco UCS Manager. You should always create the LDAP provider from Cisco UCS
Central Domain Group root.
create LDAP users from Cisco UCS Manager. You should always create the LDAP provider from Cisco UCS
Central Domain Group root.
LDAP Provider Groups
You can define up to 28 LDAP provider groups and nest them up to as many levels as the Active Directory
supports for nesting in Cisco UCS Central. When you assign a provider to a nested group, even if the provider
is a member of a different LDAP group, they become authenticated member of the parent nested group. During
authentication, all the providers within a provider group are tried in order. If all of the configured servers are
unavailable or unreachable, Cisco UCS Central automatically falls back to the local authentication method
using the local username and password.
supports for nesting in Cisco UCS Central. When you assign a provider to a nested group, even if the provider
is a member of a different LDAP group, they become authenticated member of the parent nested group. During
authentication, all the providers within a provider group are tried in order. If all of the configured servers are
unavailable or unreachable, Cisco UCS Central automatically falls back to the local authentication method
using the local username and password.
Creating an LDAP Provider
Cisco UCS Central supports a maximum of 16 LDAP providers.
Before You Begin
If you are using Active Directory as your LDAP server, create a user account in the Active Directory server
to bind with Cisco UCS Central. This account should be given a non-expiring password.
to bind with Cisco UCS Central. This account should be given a non-expiring password.
• In the Cisco UCS Central, configure one of the following:
◦LDAP groups: LDAP groups contain user role and locale information.
◦Users with the attribute that holds the user role and locale information for Cisco UCS Central: You
can choose whether to extend the LDAP schema for this attribute. If you do not want to extend the
schema, use an existing LDAP attribute to hold the Cisco UCS Central user roles and locales. If
you prefer to extend the schema, create a custom attribute, such as the CiscoAVPair attribute.
schema, use an existing LDAP attribute to hold the Cisco UCS Central user roles and locales. If
you prefer to extend the schema, create a custom attribute, such as the CiscoAVPair attribute.
The Cisco LDAP implementation requires a unicode type attribute.
If you choose to create the CiscoAVPair custom attribute, use the following attribute ID:
1.3.6.1.4.1.9.287247.1
1.3.6.1.4.1.9.287247.1
◦For a cluster configuration, add the management port IP addresses for both fabric interconnects.
This configuration ensures that remote users can continue to log in if the first fabric interconnect
fails and the system fails over to the second fabric interconnect. All login requests are sourced
from these IP addresses, not the virtual IP address used by Cisco UCS Central.
fails and the system fails over to the second fabric interconnect. All login requests are sourced
from these IP addresses, not the virtual IP address used by Cisco UCS Central.
Cisco UCS Central Software User Manual, Release 1.2
36
Managing Administrative Settings
LDAP Providers