LDAP Feature for the Remote Console Switch
the physical switch and one Association Object. The Association Object is
used to link users or groups that have a specific set of privileges to one
or more SIPs. This model gives an Administrator maximum flexibility over
the different combinations of users, RCS privileges, and SIPs on the Remote
Console Switch without adding too much complexity.
The RCS Device Object is the link to the Remote Console Switch for
querying Active Directory for authentication and authorization. When a
Remote Console Switch is added to the network, the Administrator must
configure the Remote Console Switch and its device object with its Active
Directory name so that users can perform authentication and authorization
with Active Directory. The Administrator will also need to add the Remote
Console Switch to at least one Association Object in order for users to
authenticate.
You can create as many Association Objects as you want, and each Association
Object can be linked to as many users, groups of users, or RCS Device
Objects as desired. The users and RCS Device Objects can be members of
any domain in the enterprise.
However, each Association Object may be linked to only one Privilege Object;
that is, it may link users, groups of users, or RCS Device Objects to only
one Privilege Object. A Privilege Object allows an Administrator to control
which users have what kind of privileges on specific SIPs.
Figure 9-6 illustrates that the Association Object provides the connection
that is needed for all of the Authentication and Authorization.
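
The object model described above, sketched as an added example that is not part of the original manual or of the directory schema it describes: an in-memory Python model that resolves which Privilege Objects reach a user on a given switch and flags RCS Device Objects that are in no Association Object. All class, function and sample names are assumptions; group membership is direct only, and because the page does not say how several matching Association Objects combine, the resolver returns each matching Privilege Object rather than merging them.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class PrivilegeObject:
    name: str
    privileges: frozenset  # constructed privilege labels, not real RCS names

@dataclass
class AssociationObject:
    name: str
    privilege: PrivilegeObject  # exactly one Privilege Object per association
    members: set = field(default_factory=set)  # users and groups of users
    devices: set = field(default_factory=set)  # RCS Device Object names

def authorize(user, device, associations, groups):
    """Privilege Objects that some Association Object grants user on device.

    An empty list means nothing links the user (directly or through a group)
    to the device, so the request is denied.
    """
    who = {user} | {g for g, users in groups.items() if user in users}
    return [a.privilege for a in associations
            if device in a.devices and who & a.members]

def unassociated_devices(devices, associations):
    """RCS Device Objects in no Association Object: no user can authenticate."""
    linked = set().union(*(a.devices for a in associations))
    return sorted(set(devices) - linked)

# Constructed sample directory (all names are made up for illustration).
GROUPS = {"kvm-operators": {"alice"}}
DEVICES = ["rcs-lab-1", "rcs-lab-2"]
OPERATOR = PrivilegeObject("operator-priv", frozenset({"placeholder-privilege"}))
ASSOCIATIONS = [
    AssociationObject("lab-operators", OPERATOR,
                      members={"kvm-operators"}, devices={"rcs-lab-1"}),
]

if __name__ == "__main__":
    for user in ("alice", "bob"):
        for device in DEVICES:
            granted = [p.name for p in authorize(user, device, ASSOCIATIONS, GROUPS)]
            print(f"{user} on {device}: {granted or 'denied'}")
    print("unassociated:", unassociated_devices(DEVICES, ASSOCIATIONS))
```

Running the audit function after adding a switch catches the case the text warns about, where a device object exists but no user can authenticate because it was never added to an Association Object.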