Schneider Electric AP561x User Manual

LDAP Implementation
AP561x KVM Switches
All content in this presentation is protected – © 2008 American Power Conversion Corporation
LDAP Implementation
Does not require LDAP Schema to be touched!
Uses existing Schema Attribute field to store configuration setting
Allows easy implementation
APC by Schneider Electric
Basic
• Very simple implementation that allows the KVM to browse the LDAP directory for user credentials. All users are administrators.
Attribute
• Allows users in the LDAP directory to be distinguished as non-users, appliance administrators or users.
Group
• Provides highly granular security down to the port level.
Settings Used in this Lab
The Microsoft® domain controller (Active Directory) acts as the DHCP server and DNS server in these examples.
The domain is kvmcorp.com.
The user account that is used to query the domain controller for authentication and access controls is kvmldap.
The OU (Organizational Unit) for grouping APC IP KVM Switches and users is IPKVM.
The IP Address of the IP KVM Switch is 192.168.5.11
The IP Address of the AD Server is 192.168.5.100
The IP Address of the Client is 192.168.5.50
LDAP Lab Layout
[Figure: lab layout showing the KVM switch IPKVM1 (192.168.5.11), Server1, Server2, Server3, the OBWI client (192.168.5.50) and the LDAP server KVMcorp.com (192.168.5.100).]
Synchronize Server Module names to AD Computer Object names
Name the Server Modules to match exactly the names of the computers with which they are connected. This must be done using the OSD from the local port on the IP KVM switch. The domain controller’s server modules should have a different name than the domain controller. A computer with the same name representing the domain controller should be added separately to the directory for IP KVM access because the domain controllers are not listed under computers in the Active Directory, and the domain controllers folder is not browsable to the Admin accounts.
For example, the interface adapter for the domain controller KVMcorp-AD is named KVMcorp-AD-SM, and a computer is created with the name KVMcorp-AD-SM. A standard user cannot authenticate for a domain controller.
Name the Server Modules via the Local Port OSD
From the local OSD, press the Print Scrn key. The Main dialog box appears. Click the name you want to change and click Modify, then rename the server module and click OK.
Remember, the server names here must match the computer object names in the directory!
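The following check is an added example, not part of the APC manual: it compares a list of server module names (as read from the OSD) with a list of computer object names exported from the directory and flags modules that would not resolve. The function name, the status labels and the sample inventory are constructed for illustration; treating case or whitespace differences as a finding is an assumption based on the manual's "match exactly" requirement.

```python
# Added example: audit server module names against AD computer object names.
# Sample names are constructed; KVMcorp-AD / KVMcorp-AD-SM follow the
# manual's own example and Server1..Server3 come from the lab layout.

def audit_module_names(module_names, computer_objects, domain_controllers):
    """Return a list of (module_name, status, detail) tuples.

    module_names       -- names read from the local-port OSD
    computer_objects   -- computer object names exported from the directory
    domain_controllers -- host names of the domain controllers
    """
    exact = set(computer_objects)
    # Index by a normalized form to catch near misses (case, stray spaces).
    folded = {}
    for name in computer_objects:
        folded.setdefault(name.strip().casefold(), name)
    dc_folded = {dc.strip().casefold() for dc in domain_controllers}

    findings = []
    for module in module_names:
        key = module.strip().casefold()
        if key in dc_folded:
            # The manual requires a module name different from the DC's name.
            findings.append((module, "DC_NAME_REUSED",
                             "module must not share the domain controller's name"))
        elif module in exact:
            findings.append((module, "OK", "exact match"))
        elif key in folded:
            findings.append((module, "NEAR_MISS",
                             "differs only in case/whitespace from "
                             + repr(folded[key])))
        else:
            findings.append((module, "MISSING",
                             "no computer object with this name"))
    return findings

# Constructed sample inventory for the lab domain kvmcorp.com.
SAMPLE_MODULES = ["Server1", "server2 ", "Server3", "KVMcorp-AD-SM", "KVMcorp-AD"]
SAMPLE_COMPUTERS = ["Server1", "Server2", "KVMcorp-AD-SM"]
SAMPLE_DCS = ["KVMcorp-AD"]

if __name__ == "__main__":
    for module, status, detail in audit_module_names(
            SAMPLE_MODULES, SAMPLE_COMPUTERS, SAMPLE_DCS):
        print(f"{status:15} {module!r:18} {detail}")
```

Any status other than OK points to a module that should be renamed from the OSD, or a computer object that still has to be created, before access controls are configured.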
Active Directory Tasks
NOTE: In a production environment, work with your IT department to create the console query user account and add the IP KVM switches OU. You need a level of access that enables you to create, delete, modify groups, and add computer objects for interface adapters connected to non-domain systems within the IP KVM switches OU. Use the Microsoft® MMC to access the Active Directory from another server or a client workstation.
To administer the directory from the domain controller console, click Start>Programs>Administrative Tools>Active Directory Users and Computers.
On the domain controller, add an OU group container named IPKVM to Active Directory in the root of the domain for the IP KVM switch administrative groups.
1. Right-click kvmcorp.com.
2. Select New Organizational Unit.
3. Name it IPKVM.
4. Click OK.