LDAP Feature for the Remote Console Switch : Configuring Group Objects : Dell Extended Schema Active Directory Object Overview

Dell Extended Schema Active Directory Object Overview
For each of the physical Remote Console Switches on the network that you want to integrate with Active Directory for Authentication and Authorization, you must create at least one RCS Device Object to represent the physical switch and one Association Object. The Association object is used to link together the users or groups with a specific set of privileges to one or more SIPs. This model provides an Administrator maximum flexibility over the different combinations of users, RCS privileges, and SIPs on the Remote Console Switch without adding too much complexity.
The RCS Device Object is the link to the Remote Console Switch for querying Active Directory for authentication and authorization. When a Remote Console Switch is added to the network, the Administrator must configure the Remote Console Switch and its device object with its Active Directory name so that users can perform authentication and authorization with Active Directory. The Administrator will also need to add the Remote Console Switch to at least one Association Object in order for users to authenticate.
You can create as many Association Objects as you want, and each Association Object can be linked to as many users, groups of users, or RCS Device Objects as desired. The users and RCS Device Objects can be members of any domain in the enterprise.
However, each Association Object may be linked (or, may link users, groups of users, or RCS Device Objects) to only one Privilege Object. A Privilege Object allows an Administrator to control which users have what kind of privileges on specific SIPs.
Figure 9‑6 illustrates that the Association Object provides the connection that is needed for all of the Authentication and Authorization.
Figure 9 6. Typical Setup for Active Directory Objects
You can create as many or as few association objects as you want or need. However, you must create at least one Association Object, and you must have one RCS Device Object for each Remote Console Switch on the network that you want to integrate with Active Directory for Authentication and Authorization. The Association Object allows for as many or as few users and/or groups as well as RCS Device Objects. However, the Association Object only has one Privilege Object per Association Object. The Association Object connects the "Users" who have "Privileges" on the RCSs.
In addition, you can set up Active Directory objects in a single domain or in multiple domains. For example, you have two Remote Console Switches (RCS1 and RCS2) and three existing Active Directory users (user1, user2, and user3). You want to give user1 and user2 an administrator privilege to both Remote Console Switches and give user3 a login privilege to the RCS2.
Figure 9‑7 shows how you set up the Active Directory objects in this scenario.
Figure 9 7. Setting Up Active Directory Objects in a Single Domain
To set up the objects for the single domain scenario, perform the following tasks:
1
2
3
4
5
6
See "Adding Remote Console Switch Users and Privileges to Active Directory with Dell Schema Extensions" for detailed instructions.
Figure 9‑8 shows how you can set up the Active Directory Objects in multiple domains. In this scenario, you have two Remote Console Switches (RCS1 and RCS2) and three existing Active Directory users (user1, user2, and user3). User1 is in Domain1, and user2 and user 3 are in Domain2. You want to give user1 and user 2 an administrator privilege to both Remote Console Switches and give user3 a login privilege to the RCS2.
Figure 9 8. Setting Up Active Directory Objects in Multiple Domains
To set up the objects for the multiple domain scenario, perform the following tasks:
1
2
3
4
5
6
7