Test ldap settings – HP IO Accelerator for BladeSystem c-Class User Manual
Adding and editing LDAP providers
In Active Directory and some other LDAP deployments, group membership is sometimes recorded as an
attribute on the user's entry, for example memberOf. The following role mapping grants the same role as
above in these cases:
1. Set the Search Base DN field to the user's entry: ${dn}.
2. Set the Search Filter: (memberOf=CN=administrators,OU=groups,DC=example,DC=com).
3. Set the Scope to Base level.
4. Set the Role to Server Admin.
Users who have the title of manager are in the Device Admin role
In this scenario, use an attribute called title on the user object to determine whether they are in the Device
Admin role.
1. Set the Search Base DN field to the user's entry: ${dn}.
2. Set the Search Filter: (title=manager).
3. Set the Scope to Base level.
4. Set the Role to Device Admin.
5. Click Next Step to test your settings.
Grant a specific user the Server Admin role
There might be situations where a specific user is not in a group but needs to be in a role. To do this,
create search criteria that match only that user.
1. Set the Search Base DN field to the user's entry: ${dn}.
2. Set the Search Filter: (sAMAccountName=jdoe).
3. Set the Scope to Base level.
4. Set the Role to Server Admin.
Grant the User role to everyone who is able to authenticate
If you want everyone who is able to log in to have at least the User role, do the following:
1. Set the Search Base DN field to the user's entry: ${dn}.
2. Set the Search Filter: (objectclass=*).
3. Set the Scope to Base level.
4. Set the Role to User.
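The following added example (not part of the HP manual or product) models the four role mappings above as predicates on a single user entry, which is what a Base-level search on ${dn} amounts to, and can be used to review which roles a given entry would receive. The sample entries, the function names, and the case-insensitive value comparison are assumptions made for illustration.

```python
# Added example: a Base-level search on ${dn} returns the user's own entry only
# if the filter matches it, so each role mapping is a yes/no test on that entry.
# Simplification (assumption): only the (attr=value) and (attr=*) filter forms
# used on this page are handled, and values are compared case-insensitively.
import re

ROLE_MAPPINGS = [  # (search filter, role) pairs taken from the steps above
    ("(memberOf=CN=administrators,OU=groups,DC=example,DC=com)", "Server Admin"),
    ("(title=manager)", "Device Admin"),
    ("(sAMAccountName=jdoe)", "Server Admin"),
    ("(objectclass=*)", "User"),
]

SIMPLE_FILTER = re.compile(r"^\(([A-Za-z][A-Za-z0-9-]*)=([^()]+)\)$")

def entry_matches(entry, ldap_filter):
    """Return True if a base-scope search on this entry with ldap_filter would hit."""
    m = SIMPLE_FILTER.match(ldap_filter)
    if not m:
        raise ValueError(f"unsupported filter form: {ldap_filter}")
    attr, wanted = m.group(1).lower(), m.group(2)
    values = [v for k, vs in entry.items() if k.lower() == attr for v in vs]
    if wanted == "*":  # presence test: any entry carrying the attribute matches
        return bool(values)
    return any(v.lower() == wanted.lower() for v in values)

def roles_for(entry, mappings=ROLE_MAPPINGS):
    """Collect every role whose filter matches, in mapping order, without repeats."""
    roles = []
    for ldap_filter, role in mappings:
        if entry_matches(entry, ldap_filter) and role not in roles:
            roles.append(role)
    return roles

# Constructed sample entries (not real directory data).
JDOE = {"objectClass": ["user"], "sAMAccountName": ["jdoe"], "title": ["Engineer"]}
ASMITH = {"objectClass": ["user"], "sAMAccountName": ["asmith"], "title": ["Manager"],
          "memberOf": ["CN=Administrators,OU=Groups,DC=example,DC=com"]}
GUEST = {"objectClass": ["user"], "sAMAccountName": ["guest"]}

if __name__ == "__main__":
    for name, entry in (("jdoe", JDOE), ("asmith", ASMITH), ("guest", GUEST)):
        print(name, "->", roles_for(entry))
```

Every entry carries objectClass, so the (objectclass=*) mapping matches any user who can authenticate, while the other three filters match only entries with the named attribute value.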
Test LDAP settings
This section describes how to test your connection, user mapping, and role mapping
configuration.
Type the name of a user into the User field, for example jdoe, and then click Test.
The test results are displayed step by step, and each step includes timing information. This can
be helpful in fine-tuning your user mapping and role mappings.
Results should be similar to the following:
setup: 0 seconds.
Connection succeeded. Endpoint: ldaps://ldap.example.com:389
bind: 0 seconds.
Using search to resolve user. Base: ou=people,dc=example,dc=com Scope: