Ldap Query Parameters - Avocent SwitchView IP 1020 Mode D'emploi

To configure LDAP search parameters:
1. Select Appliance - Appliance Settings - User Accounts - LDAP Accounts - Search.
2. Enter the appropriate information in the Search DN, Search Password, Search Base and UID
Mask fields.
3. Click Save.
NOTE: These options cannot be changed if the LDAP Priority is set to LDAP Disabled on the Overview screen.

LDAP Query parameters

On the LDAP Query page, you can configure the parameters used when performing user
authentication queries.
The appliance performs two different types of queries. Query Mode (Appliance) is used to
authenticate administrators attempting to access the appliance itself. Query Mode (Target Device)
is used to authenticate users that are attempting to access attached target devices. Additionally,
each type of query has three modes that utilize certain types of information to determine whether or
not a VCS user has access to an appliance or connected target devices. See Appliance and Target
Device Query Modes on page 21 for detailed information on each mode.
You can configure the following settings on the LDAP Query page:
• The Query Mode (Appliance) parameters determine whether or not a user has access to
the appliance.
• The Query Mode (Target Device) parameters determine whether or not a user has user access
to target devices connected to an appliance. The user does not have access to the appliance.
• The Group Container, Group Container Mask and Target Mask fields are only used for group
query modes and are required when performing an appliance or device query.
• The Group Container field specifies the organizational unit (ou) created in Active Directory by
the administrator as the location for group objects. Group objects are Active Directory objects
that can contain users, computers, contacts and other groups. Group Container is used when
Query Mode is set to Group Attribute. Each group object, in turn, is assigned members to
associate with a particular access level for member objects (people, appliances and target
devices). The access level associated with a group is configured by setting the value of an
attribute in the group object. For example, if the Notes property in the group object is used to
implement the access control attribute, the Access Control Attribute field on the LDAP Query
page should be set to info. Setting the Notes property to KVM User Admin causes the
members of that group to have user administration access to the appliances and target devices
that are also members of that same group.
• The Notes property is used to implement the access control attribute. The value of the Notes
property, available in group and user objects shown in Active Directory Users and Computers
(ADUC), is stored internally in the directory, in the value of the info attribute. ADUC is a
Microsoft Management Console snap-in for configuring Active Directory. It is started by
Chapter 3: Web Interface Operations 19