ldapRBSModelCfg
BLADE-MIB ·
.1.3.6.1.4.1.2.3.51.2.4.9.3.6.20
Object
scalar
mandatory
r/w
Enumeration
There are two mechanisms to authenticate and authorize users on the AMM when using an LDAP-enabled server. The first mechanism (oldPermissionString), also known as version 1, uses bitstrings to associate permissions to users and groups. Version1 supports Active Directory, Novell eDirectory, and OPenLDAP based servers. The second mechanism (newRBSModel), also known as version 2, uses a new Role-Based-Security (RBS) model. This mechanism is only available for Active Directory servers, and requires the use of a snap-in that runs on any windows platform. This snap-in tool allows you to configure roles on an Active Directory server of your choice, and to associate users/groups and AMMs to those roles. A role identifies the permissions given to users and groups associated with that role, and also identifies the targets (e.g. AMM) to which this role is attached. The use of bitstrings in version 2 disappears, making the configuration much more manageable and user-friendly. Note that if you are not using Active Directory, then you should not enable version 2. Also note that before enabling version 2, you should already have your roles configured on your Active Directory server. The old version 1 bitstring model cannot be automatically converted to the new version 2 model. This is why you must configure your users and groups before enabling version 2. Once enabled, the change takes effect immediately. The default value for this field is oldPermissionString.
Context
- MIB
- BLADE-MIB
- OID
.1.3.6.1.4.1.2.3.51.2.4.9.3.6.20- Type
- scalar
- Access
- readwrite
- Status
- mandatory
- Parent
- ldapClientCfg
- Siblings
- 25
Syntax
Enumeration
Values & Constraints
No enumerated values or constraints recorded.
Related Objects
Sibling Objects
| Object | Type | Syntax | OID |
|---|---|---|---|
| ldapServer1NameOrIPAddress mandatory A NULL terminated 255 byte string that contains the
LDAP server host name or IP address (a.b.c.d). | scalar | OctetString | .1.3.6.1.4.1.2.3.51.2.4.9.3.6.1 |
| ldapBindingMethod mandatory On initial binds to the LDAP server during user authentication, there are
three options:
Anonymous authentication: Bind attempt is made without a client DN or password.
If the bin… | scalar | Enumeration | .1.3.6.1.4.1.2.3.51.2.4.9.3.6.10 |
| ldapClientAuthenticationDN mandatory The initial bind to the LDAP server during user authentication can be
performed with anonymous authentication, client based authentication, or UPN.
The client based option require… | scalar | OctetString | .1.3.6.1.4.1.2.3.51.2.4.9.3.6.11 |
| ldapClientAuthenticationPassword mandatory The client authentication password | scalar | OctetString | .1.3.6.1.4.1.2.3.51.2.4.9.3.6.12 |
| ldapUIDsearchAttribute mandatory When the binding method selected is Anonymous authentication or Client
authentication, the initial bind to the LDAP server is followed by a search
request aimed at retrieving spec… | scalar | OctetString | .1.3.6.1.4.1.2.3.51.2.4.9.3.6.13 |
| ldapGroupSearchAttribute mandatory When the MM Group Filter name is configured, it is necessary to retrieve
from the LDAP server the list of groups that a particular user belongs to.
This is required to do group au… | scalar | OctetString | .1.3.6.1.4.1.2.3.51.2.4.9.3.6.14 |
| ldapLoginPermissionAttribute mandatory When a user successfully authenticates via a LDAP server, it is necessary
to retrieve the login permissions for this user. In order to retrieve these
permissions, the search filte… | scalar | OctetString | .1.3.6.1.4.1.2.3.51.2.4.9.3.6.15 |
| ldapUseDNSOrPreConfiguredServers mandatory The MM contains a Version 2.0 LDAP Client that may be configured to provide
user authentication through one or more LDAP servers. The LDAP server(s) to be
used for authentication … | scalar | Enumeration | .1.3.6.1.4.1.2.3.51.2.4.9.3.6.16 |
| ldapDomainSource obsolete The DNS SRV request sent to the DNS server must specify a domain name.
The LDAP client will determine where to get this domain name based on one
of the following three options:
… | scalar | Enumeration | .1.3.6.1.4.1.2.3.51.2.4.9.3.6.17 |
| ldapSearchDomain obsolete This parameter may be used as the domain name in the DNS SRV request,
depending on how the Domain Source parameter is configured. | scalar | OctetString | .1.3.6.1.4.1.2.3.51.2.4.9.3.6.18 |
| ldapServiceName obsolete The DNS SRV request sent to the DNS server must also specify a service name.
The configured value will be used for this purpose. If left blank, the default
value used is 'ldap'. N… | scalar | OctetString | .1.3.6.1.4.1.2.3.51.2.4.9.3.6.19 |
| ldapServer1PortNumber mandatory LDAP server port number. | scalar | Integer32 | .1.3.6.1.4.1.2.3.51.2.4.9.3.6.2 |
| ldapTargetName mandatory When administrator chooses Enhanced Role Based Security authentication model,
he can associate one AMM with one managed target object in Snap-in (one tool
to configure LDAP users… | scalar | OctetString | .1.3.6.1.4.1.2.3.51.2.4.9.3.6.21 |
| ldapAuthCfg mandatory If ldapAuthCfg is set to 0, LDAP server is used to authenticate and authorize
users. If it is set to 1, LDAP server is only used to authenticate users.
Note:LDAP Authen… | scalar | Enumeration | .1.3.6.1.4.1.2.3.51.2.4.9.3.6.22 |
| ldapForestName mandatory LDAP Forest Name.
Note: LDAP Forest Name is only for Active Directory environment. | scalar | OctetString | .1.3.6.1.4.1.2.3.51.2.4.9.3.6.23 |
| ldapDomainName mandatory A NULL terminated 255 byte string that contains the
LDAP Domain Name. | scalar | OctetString | .1.3.6.1.4.1.2.3.51.2.4.9.3.6.24 |
| ldapServer4NameOrIPAddress mandatory A NULL terminated 255 byte string that contains the
LDAP server host name or IP address (a.b.c.d). | scalar | OctetString | .1.3.6.1.4.1.2.3.51.2.4.9.3.6.25 |
| ldapServer4PortNumber mandatory LDAP server port number. | scalar | Integer32 | .1.3.6.1.4.1.2.3.51.2.4.9.3.6.26 |
| ldapServer2NameOrIPAddress mandatory A NULL terminated 255 byte string that contains the
LDAP server host name or IP address (a.b.c.d). | scalar | OctetString | .1.3.6.1.4.1.2.3.51.2.4.9.3.6.3 |
| ldapServer2PortNumber mandatory LDAP server port number. | scalar | Integer32 | .1.3.6.1.4.1.2.3.51.2.4.9.3.6.4 |
| ldapServer3NameOrIPAddress mandatory A NULL terminated 255 byte string that contains the
LDAP server host name or IP address (a.b.c.d). | scalar | OctetString | .1.3.6.1.4.1.2.3.51.2.4.9.3.6.5 |
| ldapServer3PortNumber mandatory LDAP server port number. | scalar | Integer32 | .1.3.6.1.4.1.2.3.51.2.4.9.3.6.6 |
| ldapRootDN mandatory A NULL terminated 255 byte string that contains the
distinguished Name for root entry of directory tree.
An example might look like dn=foobar,dn=com. | scalar | OctetString | .1.3.6.1.4.1.2.3.51.2.4.9.3.6.7 |
| ldapUserSearchBaseDN obsolete As part of the user authentication process, it is necessary to search
the LDAP server for one or more attributes associated with a particular
user. Any search request must specify… | scalar | OctetString | .1.3.6.1.4.1.2.3.51.2.4.9.3.6.8 |
| ldapGroupFilter mandatory This filter is used for group authentication. It specifies what group or
groups that this MM belongs to. If left blank, group authentication is
disabled. Otherwise, group authenti… | scalar | OctetString | .1.3.6.1.4.1.2.3.51.2.4.9.3.6.9 |