NOTE: If certificate validation is enabled, specify the Domain Controller Server addresses and the FQDN. Make sure that DNS is configured correctly under.

Using the following RACADM command may be optional:

    racadm sslcertdownload -t 0x1 -f < RAC SSL certificate >

Configuring Generic LDAP Users

CMC provides a generic solution to support Lightweight Directory Access Protocol (LDAP)-based authentication. This feature does not require any schema extension on your directory services.

A CMC administrator can now integrate the LDAP server user logins with CMC. This integration requires configuration on both LDAP server and CMC. On the LDAP server, a standard group object is used as a role group. A user who has CMC access becomes a member of the role group. Privileges are still stored on CMC for authorization similar to the working of the Standard Schema setup with Active Directory support.

To enable the LDAP user to access a specific CMC card, the role group name and its domain name must be configured on the specific CMC card. You can configure a maximum of five role groups in each CMC. A user has the option to be added to multiple groups within the directory service. If a user is a member of multiple groups, then the user obtains the privileges of all their groups.

For information about the privileges level of the role groups and the default role group settings, see Types of Users.

Configuring the Generic LDAP Directory to Access CMC

The CMC's Generic LDAP implementation uses two phases in granting access to a user—user authentication, and then the user authorization.

Authentication of LDAP Users

Some directory servers require a bind before a specific LDAP server can be searched for.

To authenticate a user:

1. Optionally bind to the Directory Service. The default is an anonymous bind.
   NOTE: The Windows-based directory servers do not allow anonymous login. Hence, enter the bind DN name and password.
2. Search for the user on the basis of the user login. The default attribute is uid. If more than one object is found, then the process returns an error.
3. Unbind and perform a bind with the user's DN and password. If the system is unable to bind, then the login will not be successful.
4. If these steps succeed, the user is authenticated.

Authorization Of LDAP Users

To authorize a user:

1. Search each configured group for the user's domain name within the member or uniqueMember attributes. An administrator can configure a user domain.
2. For every user group that the user belongs to, give the user appropriate user access rights and privileges.

Configuring Generic LDAP Directory Service Using CMC Web Interface

To configure the generic LDAP directory service:

NOTE: You must have the Chassis Configuration Administrator privilege.

1. In the left pane, click Chassis Overview → User Authentication → Directory Services.
2. Select Generic LDAP.
   The settings to be configured for standard schema are displayed on the same page.
3. Specify the following:
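
The two-phase login described under Authentication of LDAP Users and Authorization Of LDAP Users, modelled against an in-memory directory as an added example (not Dell's code). All DNs, passwords, group names and privilege bit values are constructed, and the empty-password check is an added client-side precaution that the page does not describe.

```python
# Added example: in-memory model of the search-then-bind login flow.
# All DNs, passwords and privilege bits below are constructed samples.
PEOPLE = "ou=people,dc=example,dc=com"
GROUPS = "ou=groups,dc=example,dc=com"
DIRECTORY = {  # DN -> attributes
    f"uid=alice,{PEOPLE}": {"uid": "alice", "userPassword": "a-pass"},
    f"uid=bob,{PEOPLE}": {"uid": "bob", "userPassword": "b-pass"},
    f"uid=bob,ou=contractors,dc=example,dc=com": {"uid": "bob", "userPassword": "x-pass"},
    f"uid=carol,{PEOPLE}": {"uid": "carol", "userPassword": "c-pass"},
    f"cn=cmc-admins,{GROUPS}": {"member": [f"uid=alice,{PEOPLE}"]},
    f"cn=cmc-operators,{GROUPS}": {"uniqueMember": [f"uid=alice,{PEOPLE}"]},
}
# Role group DN -> privilege mask stored locally (hypothetical bit values).
ROLE_GROUPS = {f"cn=cmc-admins,{GROUPS}": 0x001, f"cn=cmc-operators,{GROUPS}": 0x010}
MAX_ROLE_GROUPS = 5  # the page's limit on role groups per CMC

class LoginError(Exception):
    """Raised whenever any step of the authentication phase fails."""

def bind(dn, password):
    """Stand-in for an LDAP simple bind against the sample directory."""
    entry = DIRECTORY.get(dn)
    return entry is not None and entry.get("userPassword") == password

def authenticate(login_name, password, attr="uid"):
    """Phase 1: search on the login attribute, then bind as the DN found."""
    if not password:
        # A DN with an empty password is an "unauthenticated bind" in
        # RFC 4513; never let it reach the bind step.
        raise LoginError("empty password")
    matches = [dn for dn, e in DIRECTORY.items() if e.get(attr) == login_name]
    if len(matches) != 1:  # zero or several objects: fail, never pick one
        raise LoginError("user not found or not unique")
    if not bind(matches[0], password):
        raise LoginError("bind failed")
    return matches[0]

def authorize(user_dn):
    """Phase 2: OR together the privileges of every role group listing the DN."""
    if len(ROLE_GROUPS) > MAX_ROLE_GROUPS:
        raise ValueError("more than five role groups configured")
    mask = 0
    for group_dn, privileges in ROLE_GROUPS.items():
        group = DIRECTORY.get(group_dn, {})
        if user_dn in group.get("member", []) + group.get("uniqueMember", []):
            mask |= privileges
    return mask

def login(login_name, password):
    return authorize(authenticate(login_name, password))
```

A user who authenticates but belongs to no configured role group comes back with a mask of 0, so the caller has to treat "authenticated with no privileges" as a denied login.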