Note the default administrative users: admin and system. The system user cannot be deleted.
It’s a good idea not to edit the default groups. It is better to add a new group and select the permissions needed.
To add a new group, scroll to the bottom, click add and complete the “add group” form.
LDAP provides centrally managed user authentication and a single unified logon.
You will have to work with your LDAP administrator
Normally the Search Template can be left at default; consult the LDAP admin to see if any changes are needed.
For Microsoft Active Directory and SunONE Directory Server, Foundation can set the other group configuration attributes; these are the fully supported configurations. If Other is chosen, the other group configuration attributes can be set in consultation with the LDAP admin. For reference:
Group Attribute on User node: The LDAP attribute name to search for when running a group query. The attribute is on the User node and provides a list of distinguished names of groups that the user belongs to.
Group Query: The LDAP query that is used to find Group objects. It is usual to match the nodes' Object Class, for example: (objectclass=group).
Membership Attribute on Group node: The LDAP attribute name to search for to determine whether an individual is a member of a group. The attribute is on the Group nodes and provides a list of names of users.
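An added illustration (not part of the original slides or the product's code) of how the three group settings above relate, run over a small constructed directory; the attribute names memberOf and member are the usual Active Directory ones, and every entry and function name is made up for the example. A group that shows up in one lookup but not the other is worth raising with the LDAP admin before permissions are attached to it.

```python
# Constructed sample directory (not from a real server): DN -> attributes.
DIRECTORY = {
    "cn=n.smith,ou=users,dc=bmc,dc=com": {
        "objectclass": ["user"],
        "memberOf": ["cn=discovery-admins,ou=groups,dc=bmc,dc=com"],
    },
    "cn=discovery-admins,ou=groups,dc=bmc,dc=com": {
        "objectclass": ["group"],
        "member": ["cn=n.smith,ou=users,dc=bmc,dc=com"],
    },
    "cn=readonly,ou=groups,dc=bmc,dc=com": {
        "objectclass": ["group"],
        # Same user in different case and spacing; not listed on the user node.
        "member": ["CN=N.Smith, OU=Users, DC=bmc, DC=com"],
    },
}

def norm_dn(dn):
    """Simplified DN normalisation: case-insensitive, no spaces around commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def matches(entry, query):
    """Evaluate one equality filter such as (objectclass=group)."""
    attr, _, value = query.strip("()").partition("=")
    values = next((v for k, v in entry.items() if k.lower() == attr.lower()), [])
    return value.lower() in (v.lower() for v in values)

def groups_from_user(directory, user_dn, group_attr_on_user):
    """Group DNs read from the User node (Group Attribute on User node)."""
    return {norm_dn(g) for g in directory[user_dn].get(group_attr_on_user, [])}

def groups_from_query(directory, user_dn, group_query, membership_attr):
    """Group DNs matched by Group Query whose Membership Attribute names the user."""
    target = norm_dn(user_dn)
    return {
        norm_dn(dn)
        for dn, entry in directory.items()
        if matches(entry, group_query)
        and target in {norm_dn(m) for m in entry.get(membership_attr, [])}
    }

def membership_mismatch(directory, user_dn, group_attr, group_query, member_attr):
    """Groups reported by only one of the two lookups."""
    by_user = groups_from_user(directory, user_dn, group_attr)
    by_query = groups_from_query(directory, user_dn, group_query, member_attr)
    return sorted(by_user ^ by_query)

if __name__ == "__main__":
    user = "cn=n.smith,ou=users,dc=bmc,dc=com"
    print(membership_mismatch(DIRECTORY, user, "memberOf", "(objectclass=group)", "member"))
```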
Useful CLI test to show data from the LDAP server (-W prompts for the bind password instead of taking it on the command line). Example:
ldapsearch -b dc=bmc,dc=com -D n.smith@bmc.com -W -H ldap://adserver:389 -x '(userPrincipalName=n.smith@bmc.com)'
the “Disabled Accounts can be reactivated” setting as this is how to allow locked or blocked accounts to be reset from the UI (shown on slide 5)
This slide is included as many users are not sure where such text will be displayed. The field can be used for things other than legal notices; for example, it can identify what each of multiple appliances is being used for, which is especially useful for admins who have to log in to a number of them. Note also that the Foundation Version and Appliance Name are displayed bottom right; it is good practice to set a reasonable Appliance Name.
If the user has followed the best practice of *not* using the system account for general use, they shouldn’t get into this situation. Note also that it is important that the CLI password is treated as a high-level password and is not generally known.
Optionally you may wish to complete the labs that have been prepared to accompany this module. Please download the lab zip file that should be available where you accessed this module. Make sure you have access to a running appliance before attempting the labs. It is best to use the training demo VA provided as it is set up to work with the labs. You may need to review tutorial material in order to work out the solutions.