In This Chapter
Returning User Group Information ....................................................... 472
Setting the Registry to Permit Write Operations to the Schema .......... 473
Creating a New Attribute....................................................................... 473
Adding Attributes to the Class .............................................................. 474
Updating the Schema Cache................................................................ 475
Editing rciusergroup Attributes for User Members ............................... 475
Returning User Group Information
Use the information in this section to return User Group information (and assist with authorization) once
authentication is successful.
From LDAP/LDAPS
When an LDAP/LDAPS authentication is successful, the Legrand PDU determines the permissions for a
given user based on the permissions of the user's role. Your remote LDAP server can provide these user
role names by returning an attribute named as follows:
rciusergroup
attribute type: string
This may require a schema extension on your LDAP/LDAPS server. Consult your authentication server
administrator to enable this attribute.
In addition, for Microsoft
®
Active Directory
®
, the standard LDAP memberOf is used.
From Microsoft Active Directory
Note: This should be attempted only by an experienced Active Directory
®
administrator.
Returning user role information from Microsoft's
®
Active Directory for Windows 2000
®
operating system
server requires updating the LDAP/LDAPS schema. See your Microsoft documentation for details.
1. Install the schema plug-in for Active Directory. See Microsoft Active Directory documentation for
instructions.
2. Run Active Directory Console and select Active Directory Schema.
Updating the LDAP Schema