Raritan Computer DKX416 User Manual

Remote Authentication

Returning User Group Information via LDAP

When an LDAP authentication attempt succeeds, the Dominion KX
determines the permissions for a given user based on the permissions of
the user's group. Your remote LDAP server can provide these user group
names by returning an attribute named as follows:

• rciusergroup
• attribute type: string

This may require a schema extension on your LDAP server. Consult your
authentication server administrator to enable this attribute.
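To review which accounts map to which Dominion KX user group, the following added example (not part of the Raritan manual) parses an LDIF export of user entries, groups them by `rciusergroup`, and lists entries that carry no value. The sample entries, DNs and group names are constructed, and the script assumes the export is plain LDIF.

```python
import base64
from collections import defaultdict
ATTR = "rciusergroup"  # name from the manual; LDAP attribute names are case-insensitive

# Constructed sample export; users and group names are hypothetical.
SAMPLE_LDIF = """\
dn: CN=Alice Admin,OU=Staff,DC=example,DC=com
rciusergroup: KVM_Admins

dn: CN=Bob Operator,OU=Staff,DC=example,DC=com
rciUserGroup:: S1ZNX09wZXJhdG9ycw==

dn: CN=Carol Contractor,OU=Very Long Organizational Unit Name,
 DC=example,DC=com
sAMAccountName: carol
"""

def parse_ldif(text):
    """Yield (dn, {attr_lower: [values]}) per entry."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")  # undo LDIF line folding
    for block in unfolded.split("\n\n"):
        dn, attrs = None, defaultdict(list)
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, rest = line.partition(":")
            if rest.startswith(":"):  # "attr:: value" means base64-encoded
                value = base64.b64decode(rest[1:].strip()).decode("utf-8")
            else:
                value = rest.strip()
            if name.lower() == "dn":
                dn = value
            else:
                attrs[name.lower()].append(value)
        if dn:
            yield dn, attrs

def audit_groups(text):
    """Return ({group: [dn, ...]}, [dns with no rciusergroup value])."""
    by_group, missing = defaultdict(list), []
    for dn, attrs in parse_ldif(text):
        values = attrs.get(ATTR, [])
        if not values:
            missing.append(dn)
        for group in values:
            by_group[group].append(dn)
    return dict(by_group), missing

if __name__ == "__main__":
    print(audit_groups(SAMPLE_LDIF))
```

Compare the resulting group names against the user groups defined on the device, and review any entry in the second list before relying on LDAP authentication for that account.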

Returning User Group Information from Microsoft Active Directory

1. Returning user group information from Microsoft's Active Directory for Windows 2000 Server requires updating the LDAP schema. This should be attempted only by an experienced Active Directory administrator. Refer to your Microsoft documentation for more detail.

2. Install the schema plug-in for Active Directory - refer to Microsoft Active Directory documentation for instructions.

3. Run Active Directory Console and select Active Directory Schema.

4. Setting the Registry to Permit Write Operations to the Schema

5. To allow a domain controller to write to the schema, you must set a registry entry that permits schema updates.

6. Right-click the Active Directory Schema root node in the left pane of the window, and then click Operations Master.

7. Click on the checkbox before The Schema may be modified on this Domain Controller.

8. Click OK.

To create a new attribute:

1. To create new attributes for the rciusergroup class:

2. Click the + symbol before Active Directory Schema in the left pane of the window.

3. Right-click Attributes in the left pane.
