IBM BladeCenter Management Module - Page 51

IBM BladeCenter Management Module
78 pages
3. To configure the search attributes, use the following information.

UID Search Attribute

When the binding method selected is Anonymous authentication or Client authentication, the initial bind to the LDAP server is followed by a search request directed at retrieving specific information about the user, including the distinguished name, login permissions, and group ownerships of the user. To retrieve this information, the search request must specify the attribute name used to represent user IDs on that server. Specifically, this name is used as a search filter against the login ID entered by the user. This attribute name is configured here. If this field is left blank, a default of UID is used during user authentication. For example, on Active Directory servers, the attribute name used for user IDs is often sAMAccountName.

When the binding method selected is User principal name or Strict user principal name, the UID Search Attribute field defaults automatically to userPrincipalName during user authentication if the user ID entered has the form userid@somedomain.

Group Search Attribute

When the Group Filter name is configured, it is necessary to retrieve from the LDAP server the list of groups to which a particular user belongs. This is required to perform group authentication. To retrieve this list, the search filter sent to the server must specify the attribute name associated with groups. This field specifies this attribute name. If this field is left blank, the attribute name in the filter will default to memberOf.

Login Permission Attribute

When a user is successfully authenticated using an LDAP server, the login permissions for this user must be retrieved. To retrieve these permissions, the search filter sent to the server must specify the attribute name associated with login permissions. This field specifies this attribute name. If this field is left blank, the user is assigned a default of read-only permissions, assuming user and group authentication passes. When successfully retrieved, the attribute value returned by the LDAP server is interpreted according to the following information:

- It must be a bit string entered as 12 consecutive zeros or ones, with each bit representing a particular set of functions. For example: 010000000000 or 000011001000. The bits are numbered according to their position. The leftmost bit is bit position 0, and the rightmost bit is bit position 11. A value of 1 at a particular position enables that particular function. A value of 0 disables that function. There are 12 available bits, which are described in the following list:
  - Deny Always (bit position 0): If set, a user will always fail authentication. This function can be used to block a particular user or users associated with a particular group.
  - Supervisor Access (bit position 1): If set, a user is given administrator privileges. The user has read and write access to every function. When this bit is set, the other bits below do not have to be set individually.
  - Read Only Access (bit position 2): If set, a user has read-only access and cannot perform any maintenance procedures (for example, restart, remote actions, and firmware updates), and nothing can be modified (using the save, clear, or restore functions). Note that

Chapter 3. Using the management-module Web interface 41
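The following Python code is an added example, not taken from the IBM manual. It decodes a Login Permission Attribute value as described above and audits a list of directory entries for supervisor, denied, and malformed values. Only bit positions 0 to 2 are named because those are the ones this page describes; the function names, the sample user names, and the rule that Deny Always takes precedence over Supervisor Access (read from "will always fail authentication") are assumptions of the example.

```python
import re

# Names for the three bit positions described on this page. Positions 3-11
# are not described here, so they are reported by position only.
NAMED_BITS = {0: "Deny Always", 1: "Supervisor Access", 2: "Read Only Access"}
BITSTRING = re.compile(r"[01]{12}")


def decode_permissions(value):
    """Return the set bit positions (0 = leftmost); ValueError if malformed."""
    if not isinstance(value, str) or not BITSTRING.fullmatch(value):
        raise ValueError(f"not a 12-bit permission string: {value!r}")
    return [pos for pos, bit in enumerate(value) if bit == "1"]


def describe(value):
    """Summarize a value: set positions, known names, and effective outcome."""
    positions = decode_permissions(value)
    names = [NAMED_BITS.get(p, f"bit position {p}") for p in positions]
    if 0 in positions:
        outcome = "denied"      # Deny Always: authentication always fails
    elif 1 in positions:
        outcome = "supervisor"  # read and write access to every function
    else:
        outcome = "limited"     # only the individually set functions
    return {"positions": positions, "names": names, "outcome": outcome}


def audit(entries):
    """Split (user, value) pairs into supervisors, denied users, bad values."""
    report = {"supervisor": [], "denied": [], "malformed": []}
    for user, value in entries:
        try:
            outcome = describe(value)["outcome"]
        except ValueError:
            report["malformed"].append(user)
            continue
        if outcome in report:
            report[outcome].append(user)
    return report


# Constructed sample data: user names are hypothetical; the first two values
# are the example strings from the page, the fourth is deliberately too short.
SAMPLE = [("alice", "010000000000"), ("bob", "000011001000"),
          ("carol", "110000000000"), ("dave", "0100000000")]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Running the audit against the values actually stored in the directory shows which accounts receive administrator privileges on the management module and which values would not parse as a 12-bit string.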
