Configuring an external LDAP server — Windows

Procedure

  1. Install the Identity Management for UNIX component on Windows 2003 R2. In Add/Remove Windows Components, double-click Active Directory Services to find this component.
  2. Follow these steps to create an AES group.
    1. Click Start > Run.
    2. Type dsa.msc.
    3. Click OK.
    4. In the Active Directory Users and Computers dialog box, right click Builtin > New > Group.
    5. In the New Object — Group dialog box, in the Group name field, type AES.
    6. Click OK.
    7. Open the AES Group property, and click the UNIX Attributes tab.
    8. From the NIS Domain drop-down box, select the NIS domain this group belongs to.
    9. Click OK.
  3. Follow these steps to configure the user’s UNIX attributes.
    1. Create a user or use an existing user.
    2. Open the User Properties dialog box.
    3. Click the UNIX Attributes tab.
    4. In the NIS Domain field, select the appropriate NIS domain.
    5. From the Primary group name/GID drop-down box, select AES.
    6. Click OK.
  4. Follow these steps to set up user roles. See User roles for a list of user roles and corresponding privileges.
    1. Create an attribute or use an existing attribute on LDAP with the value Security_administrator,Auditor.
      Note: If the user has multiple roles, use a comma as the delimiter. For example: Audit,System_Administrator,Security_Administrator,Backup_restore.

    2. In the <user>SecurityAdmin Properties dialog box, in the Description field, type Security_administrator,Auditor.
    3. Click OK.
  5. Follow these steps to configure Enterprise Directory.
    1. Log in to the AE Services Management Console as System Administrator.
    2. From the AE Services Management Console main menu, select Security > Enterprise Directory.
    3. On the Enterprise Directory page, in the User Role Attribute Name field, type description. This is the name of the user attribute that holds the user’s roles in LDAP.
  6. Follow these steps to enable external LDAP.
    1. Log in to the AE Services Management Console as System/Security Administrator.
    2. From the AE Services Management Console main menu, select Security > PAM > PAM Module.
    3. On the PAM Module Configuration page, select the External LDAP check box.
    4. Click Apply.
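The following PowerShell script is an added example, not code from Avaya or the AE Services documentation. It performs steps 2 through 4 of the procedure above (the AES group with its UNIX attributes, the user's UNIX attributes, and the comma-delimited role list in the description attribute) with the ADSI accessor, which works on Windows Server 2003 R2 without the newer ActiveDirectory module, and then reads the role attribute back to check that every role entry is well formed. The domain DN, the NIS domain name, the user's DN, and the UID/GID values are placeholders that you must replace for your environment; steps 5 and 6 are done in the AE Services Management Console and are not scripted here.

```powershell
# Added example, not code from Avaya or the AE Services documentation.
# Scripts steps 2-4 of the procedure with the ADSI accessor, which works on
# Windows Server 2003 R2 without the newer ActiveDirectory module.
# ASSUMPTIONS (placeholders, replace for your environment): the domain DN,
# the NIS domain name, the user's DN, and the UID/GID values.
$domainDn  = 'DC=example,DC=com'
$nisDomain = 'example'                        # NIS domain created by Identity Management for UNIX
$userDn    = "CN=SecurityAdmin,CN=Users,$domainDn"
$aesGid    = 10000                            # GID number the AES group will carry
$userUid   = 10001                            # UID number for the user (the GUI assigns one automatically)
$roles     = 'Security_administrator,Auditor' # comma-delimited, no spaces, as the procedure requires

# Step 2: create the AES security group in Builtin, then set its UNIX attributes.
$builtin = [ADSI]"LDAP://CN=Builtin,$domainDn"
$group   = $builtin.Create('group', 'CN=AES')
$group.Put('sAMAccountName', 'AES')
$group.Put('groupType', -2147483646)          # global group | security-enabled
$group.SetInfo()
$group.Put('msSFU30NisDomain', $nisDomain)    # "NIS Domain" on the UNIX Attributes tab
$group.Put('gidNumber', $aesGid)
$group.SetInfo()

# Step 3: give the user its UNIX attributes; gidNumber = AES GID makes AES the primary group.
$user = [ADSI]"LDAP://$userDn"
$user.Put('msSFU30NisDomain', $nisDomain)
$user.Put('uidNumber', $userUid)
$user.Put('gidNumber', $aesGid)

# Step 4: store the roles in the attribute that AE Services will read (description).
$user.Put('description', $roles)
$user.SetInfo()

# Read the attribute back and validate it: every role entry must be non-empty
# and contain no whitespace, otherwise it will not match an AE Services role name.
function Test-RoleAttribute {
    param([string]$UserDn, [string]$AttributeName = 'description')
    $u      = [ADSI]"LDAP://$UserDn"
    $value  = [string]$u.Get($AttributeName)
    $parsed = $value -split ','
    $bad    = $parsed | Where-Object { $_ -eq '' -or $_ -match '\s' }
    if ($bad) {
        Write-Warning "Malformed role entries in $AttributeName of ${UserDn}: $($bad -join ' | ')"
        return $false
    }
    Write-Host "Roles for ${UserDn}: $($parsed -join ', ')"
    return $true
}

Test-RoleAttribute -UserDn $userDn
```

Run the script as an account that can create objects in the Builtin container and modify the target user. Because the role list lives in an ordinary user attribute (description here), anyone with write access to that attribute on the user object can change the user's AE Services roles, so keep write delegation on that attribute as narrow as the rest of your administrative model and re-run the read-back check after any change.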