Issue

Need assistance or instructions on configuring LDAP/LDAPS with Digital IP KVM Switches


Product Line

• KVM1116P
• KVM2116P
• KVM2132P

Environment

• Microsoft Active Directory 2003
• KVMXXXX Digital IP KVM Switches

Resolution

Please refer to the information below in order to configure LDAP or LDAPS on Microsoft Active Directory 2003.

The KVM switch allows log in authentication and authorization through external programs. To allow authentication and authorization via LDAP or LDAPS, the Active Directory's LDAP Schema must be extended so that an extended attribute name for the KVM switch (Example: iKVM-userprofile) is added as an optional attribute to the person class.

Note: Authentication refers to determining the authenticity of the person logging in. Authorization refers to assigning permission to use the device's various functions.

In order to configure the LDAP server, you will have to complete the following procedures:

1. Install the Windows Server Support Tools
2. Install the Active Directory Schema Snap-in and;
3. Extend and Update the Active Directory Schema


Configuring LDAP with Windows 2003 Server


Install the Windows 2003 Support Tools. To install the Windows 2003 Support Tools:

1. On your Windows Server CD, open the Support >Tools folder.
2. In the right panel of the dialog box that opens, double click SupTools.msi.
3. Follow the Installation Wizard to complete the procedure.

Install the Active Directory Schema Snap-in.

1. Open a Command Prompt.
2. Enter: regsvr32 schmmgmt.dll to register schmmgmt.dll on your Active Directory computer.
3. Open the Start menu; Click Run. Enter: mmc /a & Click OK.
4. On the File menu of the screen that appears, click Add/Remove Snap-in; then click Add.
5. Under Available Standalone Snap-ins, double click Active Directory Schema. Click Close. Click OK.
6. On the screen you are in, open the File menu and click Save.
7. For Save in, specify the C:\Windows\system32 directory.
8. For File name, enter schmmgmt.msc.
9. Click Save to finish.

Create a Start Menu Shortcut Entry.

1. Right click Start. Select Open all Users > Programs > Administrative Tools.
2. On the File menu, select New > Shortcut.
3. In the dialog box that opens, browse to, or enter the path to schmmgmt.msc
(C:\Windows\system32\schmmgmt.msc), then click Next.
4. In the dialog box that opens, enter Active Directory Schema as the name for the shortcut, then click Finish.

Extend and Update the Active Directory Schema.

1. Create a new attribute.
2. Extend the object class with the new attribute.
3. Edit the active directory users with the extended schema.

Creating a New Attribute.

1. From the Start menu, open Administrative Tools > Active Directory Schema.
2. In the left panel of the screen that opens, right-click Attributes.
3. Select New > Attribute.
4. In the warning message that opens, click Continue to open the Create New Attribute dialog box.
5. Fill in the dialog box to match the entries for Description and Common Name shown below, then click OK to complete the procedure.

Note: The X500 Object ID must be unique and uses periods, not commas.




Extend the Object Class With the New Attribute.

1. Open the Control Panel > Administrative Tools > Active Directory Schema.
2. In the left panel of the screen that opens, select Classes.
3. In the right panel, right-click person.
4. Select Properties. The person Properties dialog box opens with the General page displayed. Click the Attributes tab.
5. On the Attributes page, click Add.
6. In the list that opens, select iKVM-userprofile, then click OK to finish.





Editing Active Directory Users. To edit Active Directory Users With the Extended Schema:

1. Run ADSI Edit. (Installed as part of the Support Tools.)
2. In the left panel, open Domain, and navigate to the DC=domain,DC=com CN=Users node.
3. In the right panel, locate the user you wish to edit.
4. Right-click on the user's name and select properties.
5. On the Attribute Editor page of the dialog box, select iKVM-userprofile from the list.





6. Click Edit to open the String Attribute Editor.
7. Enter the KVM permission attribute values.
8. Click OK. Return to the Attribute Editor page. The iKVM-userprofile entry now reflects the new permissions. Click Apply to save the change and complete the procedure. The new user now has the same permissions as user. Repeat to add other users.





Note: "Administrator" represents the username of a KVM user whose permissions reflect the permissions you want the new user to have (see “Users” on page 59 of the User's Guide ).


Note: When logging in to access the KVM Switch, the common name of the user should be used in the username field. For example, if the user ID is "jsmith", but the common name for the entry is "John Smith", then "John Smith" would need to be entered as the username for the KVM

發佈於: 施耐德電機Taiwan

Issue

Need assistance or instructions on configuring LDAP/LDAPS with Digital IP KVM Switches


Product Line

• KVM1116P
• KVM2116P
• KVM2132P

Environment

• Microsoft Active Directory 2003
• KVMXXXX Digital IP KVM Switches

Resolution

Please refer to the information below in order to configure LDAP or LDAPS on Microsoft Active Directory 2003.

The KVM switch allows log in authentication and authorization through external programs. To allow authentication and authorization via LDAP or LDAPS, the Active Directory's LDAP Schema must be extended so that an extended attribute name for the KVM switch (Example: iKVM-userprofile) is added as an optional attribute to the person class.

Note: Authentication refers to determining the authenticity of the person logging in. Authorization refers to assigning permission to use the device's various functions.

In order to configure the LDAP server, you will have to complete the following procedures:

1. Install the Windows Server Support Tools
2. Install the Active Directory Schema Snap-in and;
3. Extend and Update the Active Directory Schema


Configuring LDAP with Windows 2003 Server


Install the Windows 2003 Support Tools. To install the Windows 2003 Support Tools:

1. On your Windows Server CD, open the Support >Tools folder.
2. In the right panel of the dialog box that opens, double click SupTools.msi.
3. Follow the Installation Wizard to complete the procedure.

Install the Active Directory Schema Snap-in.

1. Open a Command Prompt.
2. Enter: regsvr32 schmmgmt.dll to register schmmgmt.dll on your Active Directory computer.
3. Open the Start menu; Click Run. Enter: mmc /a & Click OK.
4. On the File menu of the screen that appears, click Add/Remove Snap-in; then click Add.
5. Under Available Standalone Snap-ins, double click Active Directory Schema. Click Close. Click OK.
6. On the screen you are in, open the File menu and click Save.
7. For Save in, specify the C:\Windows\system32 directory.
8. For File name, enter schmmgmt.msc.
9. Click Save to finish.

Create a Start Menu Shortcut Entry.

1. Right click Start. Select Open all Users > Programs > Administrative Tools.
2. On the File menu, select New > Shortcut.
3. In the dialog box that opens, browse to, or enter the path to schmmgmt.msc
(C:\Windows\system32\schmmgmt.msc), then click Next.
4. In the dialog box that opens, enter Active Directory Schema as the name for the shortcut, then click Finish.

Extend and Update the Active Directory Schema.

1. Create a new attribute.
2. Extend the object class with the new attribute.
3. Edit the active directory users with the extended schema.

Creating a New Attribute.

1. From the Start menu, open Administrative Tools > Active Directory Schema.
2. In the left panel of the screen that opens, right-click Attributes.
3. Select New > Attribute.
4. In the warning message that opens, click Continue to open the Create New Attribute dialog box.
5. Fill in the dialog box to match the entries for Description and Common Name shown below, then click OK to complete the procedure.

Note: The X500 Object ID must be unique and uses periods, not commas.




Extend the Object Class With the New Attribute.

1. Open the Control Panel > Administrative Tools > Active Directory Schema.
2. In the left panel of the screen that opens, select Classes.
3. In the right panel, right-click person.
4. Select Properties. The person Properties dialog box opens with the General page displayed. Click the Attributes tab.
5. On the Attributes page, click Add.
6. In the list that opens, select iKVM-userprofile, then click OK to finish.





Editing Active Directory Users. To edit Active Directory Users With the Extended Schema:

1. Run ADSI Edit. (Installed as part of the Support Tools.)
2. In the left panel, open Domain, and navigate to the DC=domain,DC=com CN=Users node.
3. In the right panel, locate the user you wish to edit.
4. Right-click on the user's name and select properties.
5. On the Attribute Editor page of the dialog box, select iKVM-userprofile from the list.





6. Click Edit to open the String Attribute Editor.
7. Enter the KVM permission attribute values.
8. Click OK. Return to the Attribute Editor page. The iKVM-userprofile entry now reflects the new permissions. Click Apply to save the change and complete the procedure. The new user now has the same permissions as user. Repeat to add other users.





Note:  "Administrator" represents the username of a KVM user whose permissions reflect the permissions you want the new user to have (see “Users” on page 59 of the User's Guide ).


Note: When logging in to access the KVM Switch, the common name of the user should be used in the username field. For example, if the user ID is "jsmith", but the common name for the entry is "John Smith", then "John Smith" would need to be entered as the username for the KVM
 

發佈於: 施耐德電機Taiwan