7. Administration (continued)
7.3.4 ANMS (continued)
7. Click OK. When you return to the attribute editor page, the B022-U08-IP-AccessRight entry now reflects the new permissions.
8. After entering in the desired KVM permission attribute value, click Apply to save the change and complete the procedure.
9. Repeat these steps for any other users you wish to assign KVM permissions to.
OpenLDAP Server
OpenLDAP is an open source LDAP server designed for UNIX platforms. A Windows version can be downloaded from: http://download.bergmans.us/openldap/openldap-2.2.29/openldap-2.2.29-db-4.3.29-openssl-.9.8awin32_Setup.exe.
OpenLDAP Server Installation
After downloading the program, launch the installer, select your language, accept the license and choose the target installation directory. The default directory is: c:\Program Files\OpenLDAP.
When the Select Components dialog box appears, select install BDB-tools and install OpenLDAP-slapd as NT service options.
OpenLDAP Server Configuration
The main OpenLDAP configuration file, slapd.conf, has to be customized before launching the server. The modifications to the configuration file will do the following:
• Specify the Unicode data directory. The default is ./ucdata.
• Choose the required LDAP schemas. The core schema is mandatory.
• Configure the path for the OpenLDAP pid and args startup files. The first contains the server pid; the second includes the command line arguments.
• Choose the database type. The default is bdb (Berkeley DB).
• Specify the server suffix. All entries in the directory will have this suffix, which represents the root of the directory tree. For example, with suffix dc=tripplite,dc=com, the fully qualified name of all entries in the database will end with dc=tripplite,dc=com.
• Define the name of the administrator entry for the server (rootdn), along with its password (rootpw). This is the server’s super user. The rootdn name must match the suffix defined above, since all entry names must end with the defined suffix and the rootdn is an entry.
An example configuration file is provided:
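As an added illustration (not the example file from this manual, and not Tripp Lite or OpenLDAP code), the Python sketch below checks a slapd.conf against the points listed above: the core schema is included and the rootdn falls under the suffix. It also flags a rootpw stored in cleartext, which is a check added here. The sample file contents, the cn=Manager name and the paths are constructed; only the suffix dc=tripplite,dc=com comes from the manual.

```python
import re

# Constructed sample slapd.conf: paths, the cn=Manager name and the password
# are assumptions for illustration; only the suffix comes from the manual.
SAMPLE_CONF = '''
ucdata-path ./ucdata
include     ./schema/core.schema
pidfile     ./run/slapd.pid
argsfile    ./run/slapd.args
database    bdb
suffix      "dc=tripplite,dc=com"
rootdn      "cn=Manager,dc=example,dc=com"
rootpw      secret
'''

HASH_SCHEME = re.compile(r'^\{(SSHA|SHA|SMD5|MD5|CRYPT)\}', re.I)

def parse_conf(text):
    """Return (directive, value) pairs; comments, blanks and continuation lines are not handled specially."""
    pairs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith('#'):
            continue
        parts = line.split(None, 1)
        value = parts[1].strip().strip('"') if len(parts) > 1 else ''
        pairs.append((parts[0].lower(), value))
    return pairs

def norm_dn(dn):
    """Lower-case a DN and drop spaces around ',' and '=' so DNs compare reliably."""
    return re.sub(r'\s*([,=])\s*', r'\1', dn.strip().lower())

def audit(text):
    """Check the settings described in the manual; return a list of findings."""
    conf = parse_conf(text)
    first = lambda key: next((v for k, v in conf if k == key), None)
    findings = []
    if not any(k == 'include' and v.replace('\\', '/').endswith('core.schema') for k, v in conf):
        findings.append('core schema is not included')
    suffix, rootdn, rootpw = first('suffix'), first('rootdn'), first('rootpw')
    if suffix and rootdn:
        s, r = norm_dn(suffix), norm_dn(rootdn)
        if r != s and not r.endswith(',' + s):
            findings.append('rootdn is not under the suffix')
    if rootpw is not None and not HASH_SCHEME.match(rootpw):
        findings.append('rootpw is stored in cleartext')
    return findings
```

Running audit(SAMPLE_CONF) reports the mismatched rootdn and the cleartext rootpw. A hashed rootpw value can be generated with the slappasswd utility that ships with OpenLDAP.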
Starting the OpenLDAP Server
To start the OpenLDAP Server, run slapd (the OpenLDAP Server executable file) from the command line. slapd supports a number of command line options; the most important is the -d switch, which triggers debug information. For example, a command of slapd -d 256 would start OpenLDAP with a debug level of 256, as shown in the following screenshot:
Note: For details about slapd options and their meanings, refer to the OpenLDAP documentation.
Customizing the OpenLDAP Schema
The schema that slapd uses may be extended to support additional syntaxes, matching rules, attribute types and object classes. In the case of the KVM, the User class and the permission attribute are extended to define a new schema. The extended schema file used to authenticate and authorize users logging in to the KVM switch is shown in the figure below.