ldapRBSModelCfg
CME-MIB
.1.3.6.1.4.1.2.3.51.2.4.9.3.6.20
Object
scalar
mandatory
r/w
Enumeration
There are two mechanisms to authenticate and authorize users on the MM when using an LDAP-enabled server. The first mechanism (oldPermissionString), also known as version 1, uses bitstrings to associate permissions with users and groups. Version 1 supports Active Directory, Novell eDirectory, and OpenLDAP based servers.

The second mechanism (newRBSModel), also known as version 2, uses a new Role-Based-Security (RBS) model. This mechanism is only available for Active Directory servers, and requires the use of a snap-in that runs on any Windows platform. This snap-in tool allows you to configure roles on an Active Directory server of your choice, and to associate users/groups and MMs with those roles. A role identifies the permissions given to users and groups associated with that role, and also identifies the targets (e.g. MM) to which this role is attached. The use of bitstrings disappears in version 2, making the configuration much more manageable and user-friendly.

Note that if you are not using Active Directory, then you should not enable version 2. Also note that before enabling version 2, you should already have your roles configured on your Active Directory server. The old version 1 bitstring model cannot be automatically converted to the new version 2 model. This is why you must configure your users and groups before enabling version 2. Once enabled, the change takes effect immediately. The default value for this field is oldPermissionString.
Context
- MIB: CME-MIB
- OID: .1.3.6.1.4.1.2.3.51.2.4.9.3.6.20
- Type: scalar
- Access: readwrite
- Status: mandatory
- Parent: ldapClientCfg
- Siblings: 21
Syntax
Enumeration
Values & Constraints
Enumerated Values
| Value | Name |
|---|---|
| 0 | oldPermissionString |
| 1 | newRBSModel |
Related Objects
Sibling Objects
| Object | Type | Syntax | OID |
|---|---|---|---|
| ldapServer1NameOrIPAddress (mandatory): A NULL terminated 255 byte string that contains the LDAP server host name or IP address (a.b.c.d). | scalar | OctetString | .1.3.6.1.4.1.2.3.51.2.4.9.3.6.1 |
| ldapBindingMethod (mandatory): On initial binds to the LDAP server during user authentication, there are two options: Client authentication: Bind attempt is made with client DN and password specified by this co… | scalar | Enumeration | .1.3.6.1.4.1.2.3.51.2.4.9.3.6.10 |
| ldapClientAuthenticationDN (mandatory): The initial bind to the LDAP server during user authentication can be performed with anonymous authentication, client based authentication, or UPN. The client based option require… | scalar | OctetString | .1.3.6.1.4.1.2.3.51.2.4.9.3.6.11 |
| ldapClientAuthenticationPassword (mandatory): The client authentication password | scalar | OctetString | .1.3.6.1.4.1.2.3.51.2.4.9.3.6.12 |
| ldapUIDsearchAttribute (mandatory): When the binding method selected is Anonymous authentication or Client authentication, the initial bind to the LDAP server is followed by a search request aimed at retrieving spec… | scalar | OctetString | .1.3.6.1.4.1.2.3.51.2.4.9.3.6.13 |
| ldapGroupSearchAttribute (mandatory): When the MM Group Filter name is configured, it is necessary to retrieve from the LDAP server the list of groups that a particular user belongs to. This is required to do group au… | scalar | OctetString | .1.3.6.1.4.1.2.3.51.2.4.9.3.6.14 |
| ldapLoginPermissionAttribute (mandatory): When a user successfully authenticates via a LDAP server, it is necessary to retrieve the login permissions for this user. In order to retrieve these permissions, the search filte… | scalar | OctetString | .1.3.6.1.4.1.2.3.51.2.4.9.3.6.15 |
| ldapUseDNSOrPreConfiguredServers (mandatory): The MM contains a Version 2.0 LDAP Client that may be configured to provide user authentication through one or more LDAP servers. The LDAP server(s) to be used for authentication … | scalar | Enumeration | .1.3.6.1.4.1.2.3.51.2.4.9.3.6.16 |
| ldapServer1PortNumber (mandatory): LDAP server port number. | scalar | Integer32 | .1.3.6.1.4.1.2.3.51.2.4.9.3.6.2 |
| ldapTargetName (mandatory): When administrator chooses Enhanced Role Based Security authentication model, he can associate one MM with one managed target object in Snap-in (one tool to configure LDAP users … | scalar | OctetString | .1.3.6.1.4.1.2.3.51.2.4.9.3.6.21 |
| ldapAuthCfg (mandatory): If ldapAuthCfg is set to 0, LDAP server is used to authenticate and authorize users. If it is set to 1, LDAP server is only used to authenticate users. Note: LDAP Authen… | scalar | Enumeration | .1.3.6.1.4.1.2.3.51.2.4.9.3.6.22 |
| ldapForestName (mandatory): LDAP Forest Name. Note: LDAP Forest Name is only for Active Directory environment. | scalar | OctetString | .1.3.6.1.4.1.2.3.51.2.4.9.3.6.23 |
| ldapDomainName (mandatory): A NULL terminated 255 byte string that contains the LDAP Domain Name. | scalar | OctetString | .1.3.6.1.4.1.2.3.51.2.4.9.3.6.24 |
| ldapServer4NameOrIPAddress (mandatory): A NULL terminated 255 byte string that contains the LDAP server host name or IP address (a.b.c.d). | scalar | OctetString | .1.3.6.1.4.1.2.3.51.2.4.9.3.6.25 |
| ldapServer4PortNumber (mandatory): LDAP server port number. | scalar | Integer32 | .1.3.6.1.4.1.2.3.51.2.4.9.3.6.26 |
| ldapServer2NameOrIPAddress (mandatory): A NULL terminated 255 byte string that contains the LDAP server host name or IP address (a.b.c.d). | scalar | OctetString | .1.3.6.1.4.1.2.3.51.2.4.9.3.6.3 |
| ldapServer2PortNumber (mandatory): LDAP server port number. | scalar | Integer32 | .1.3.6.1.4.1.2.3.51.2.4.9.3.6.4 |
| ldapServer3NameOrIPAddress (mandatory): A NULL terminated 255 byte string that contains the LDAP server host name or IP address (a.b.c.d). | scalar | OctetString | .1.3.6.1.4.1.2.3.51.2.4.9.3.6.5 |
| ldapServer3PortNumber (mandatory): LDAP server port number. | scalar | Integer32 | .1.3.6.1.4.1.2.3.51.2.4.9.3.6.6 |
| ldapRootDN (mandatory): A NULL terminated 255 byte string that contains the distinguished Name for root entry of directory tree. An example might look like dn=foobar,dn=com. | scalar | OctetString | .1.3.6.1.4.1.2.3.51.2.4.9.3.6.7 |
| ldapGroupFilter (mandatory): This filter is used for group authentication. It specifies what group or groups that this MM belongs to. If left blank, group authentication is disabled. Otherwise, group authenti… | scalar | OctetString | .1.3.6.1.4.1.2.3.51.2.4.9.3.6.9 |