176 Configuring the Library
Using LDAP
Lightweight Directory Access Protocol (LDAP) is the industry standard Internet protocol that provides
centralized user account management. This library supports the Microsoft® Active Directory® LDAP server
and user account information in the schema defined by RFC 2307. User passwords on the LDAP server must
be stored as UNIX® crypt hashes (the crypt password scheme); passwords stored under any other scheme
cannot be verified by the library.
You can configure the Lightweight Directory Access Protocol (LDAP) settings any time after the initial library
configuration. Once you enable and configure LDAP, you can view your current LDAP settings using the
LDAP menu.
LDAP Server Guidelines
LDAP is the industry standard Internet protocol that provides a centralized user account management
subsystem. User account information is centralized and shared by different applications, which simplifies
user account management. From the library, administrative users can add, delete, and modify only local
user account information; LDAP account information is maintained on the LDAP server. For more information
concerning setting up user accounts, see the Scalar i6000 User’s Guide.
User and Group Access
For LDAP accounts with user privileges, access to library partitions is determined by group assignment on
the LDAP server. Groups must be created on the LDAP server with names that correspond to the library
partition names. Users without administrator privileges must be assigned to these groups on the LDAP
server to have access to the corresponding partitions on the library. LDAP accounts with administrative
privileges have access to all partitions and administrative functions and do not need to be assigned to
partition-related groups on the LDAP server.
OpenLDAP 2.4
You must install and run OpenLDAP 2.4 or later. User objects must be of the object class Person or a
class derived from it (organizationalPerson and inetOrgPerson, for example), and group objects must be of
the object class groupOfNames; groups of any other class are not evaluated by the library.
OpenLDAP must be built with overlay support, and the memberOf overlay (slapo-memberof) must be loaded on
the database that holds the user and group entries, because the library reads the memberOf attribute that
this overlay maintains on user entries. Note that the overlay populates memberOf only for group
memberships changed after it is enabled; memberships that already existed must be re-applied (for example,
by removing and re-adding the member values) before the library will see them. For more information, see
the OpenLDAP man page for the overlay (“man slapo-memberof”).
The Scalar i6.5 release provided enhancements to the Lightweight Directory
Access Protocol (LDAP) features. For maximum ease of use of this feature,
Quantum strongly recommends that you run version i6.5 or later.
Active Directory no longer requires Windows Services for Unix 2.5.
LDAP configurations from i6.3.1 and earlier do not import into the i6.5
LDAP configuration. You must reconfigure LDAP after updating to i6.5.
Usernames and group objects must be specified in LDAP Distinguished Name format (for example,
uid=jsmith,ou=people,dc=example,dc=com rather than a bare login name such as jsmith).