Adding attributes to the active directory schema, Ldap configuration and openldap, Using openldap, refer to – Brocade Fabric OS Administrators Guide (Supporting Fabric OS v7.3.0) User Manual

Page 162

ADSI is a Microsoft Windows Resource Utility. This utility must be installed to proceed with the rest
of the setup. For Windows 2003, this utility comes with Service Pack 1 or you can download this
utility from the Microsoft website.

2. Go to CN=Users.
3. Select Properties. Click the Attribute Editor tab.
4. Double-click the adminDescription attribute.

The String Attribute Editor dialog box displays.

NOTE
The attribute can be added to user objects only.

5. Perform the appropriate action based on whether you are using Admin Domains or Virtual Fabrics:

• If you are using Admin Domains, enter the values of the Admin Domains separated by an
underscore ( _ ) into the Value field.

Example for adding Admin Domains:

adlist_0_10_200_endAd

The home Admin Domain (homeAD) for the user is the first value in the adlist (Admin Domain list).
If a user has no values assigned in the adlist attribute, homeAD "0" is the default
administrative domain for the user.

• If you are using Virtual Fabrics, enter the values of the logical fabrics separated by a semicolon
( ; ) into the Value field.

Example for adding Virtual Fabrics:

HomeLF=10;LFRoleList=admin:128,10;ChassisRole=admin

In this example, the user logs in to logical switch 10 by default. If 10 is not available,
the lowest available FID is chosen. The user has permission to enter logical switches 128
and 10 in an admin role and also has the chassis role permission of admin.

NOTE
You can perform batch operations using the Ldifde.exe utility. For more information on importing
and exporting schemas, refer to your Microsoft documentation or visit www.microsoft.com.
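
The two value formats in step 5, as an added example that is not part of the Brocade guide: a Python parser that validates a value and lists the privileges it grants, so it can be reviewed before it is entered or batch-imported. It covers only the forms shown in the examples above (a single role in LFRoleList); the function names and the HomeLF consistency check are assumptions.

```python
# Added example: parser for the two attribute value forms shown above.
# Function names and result keys are assumptions, not Fabric OS or Microsoft APIs.

def parse_adlist(value):
    """Parse 'adlist_0_10_200_endAd' into (home_ad, [admin domains])."""
    parts = value.strip().split("_")
    if len(parts) < 2 or parts[0] != "adlist" or parts[-1] != "endAd":
        raise ValueError("not an adlist value: %r" % value)
    domains = [int(p) for p in parts[1:-1]]
    # The first value is the home Admin Domain; an empty list defaults to 0.
    home = domains[0] if domains else 0
    return home, domains

def parse_vf(value):
    """Parse 'HomeLF=10;LFRoleList=admin:128,10;ChassisRole=admin'."""
    fields = {}
    for item in value.strip().split(";"):
        key, sep, val = item.partition("=")
        if not sep or key in fields:
            raise ValueError("malformed or repeated field: %r" % item)
        fields[key] = val
    unknown = set(fields) - {"HomeLF", "LFRoleList", "ChassisRole"}
    if unknown:
        raise ValueError("unexpected fields: %s" % sorted(unknown))
    role, _, fids = fields.get("LFRoleList", "").partition(":")
    return {
        "home_lf": int(fields["HomeLF"]) if "HomeLF" in fields else None,
        "lf_role": role or None,
        "lf_fids": [int(f) for f in fids.split(",") if f],
        "chassis_role": fields.get("ChassisRole"),
    }

def review(value):
    """Return findings a reviewer should look at before the value is saved."""
    vf = parse_vf(value)
    findings = []
    # Assumption: a home fabric missing from the role list is worth a second look.
    if vf["home_lf"] is not None and vf["home_lf"] not in vf["lf_fids"]:
        findings.append("HomeLF %d is not in LFRoleList" % vf["home_lf"])
    if vf["chassis_role"] == "admin":
        findings.append("grants chassis-wide admin")
    if vf["lf_role"] == "admin":
        findings.append("grants admin on FIDs %s" % sorted(vf["lf_fids"]))
    return findings
```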

Adding attributes to the Active Directory schema

To create a group in Active Directory, refer to www.microsoft.com or Microsoft documentation. You
must:

• Add a new attribute brcdAdVfData as Unicode String.
• Add brcdAdVfData to the person’s properties.

LDAP configuration and OpenLDAP

Fabric OS provides user authentication and authorization by means of OpenLDAP or the Microsoft
Active Directory service in conjunction with LDAP on the switch. This section discusses authentication
and authorization using OpenLDAP. For information about authentication and authorization using
Microsoft Active Directory, refer to "LDAP configuration and Microsoft Active Directory" on page 160.

Two operational modes exist in LDAP authentication: FIPS mode and non-FIPS mode. This section
discusses LDAP authentication in non-FIPS mode. For information on LDAP in FIPS mode, refer to

Fabric OS Administrators Guide

53-1003130-01