DescriptionName
Whether Cisco UCS also searches LDAP groups when authenticating
and assigning user roles and locales to remote users. This can be one
of the following:
• Disable—Cisco UCS does not access any LDAP groups.
• Enable—Cisco UCS searches all LDAP groups mapped in this
Cisco UCS domain. If the remote user is found, Cisco UCS
assigns the user roles and locales defined for that LDAP group
in the associated LDAP group map.
Role and locale assignment is cumulative. If a user is
included in multiple groups, or has a role or locale specified
in the LDAP attribute, Cisco UCS assigns that user all the
roles and locales mapped to any of those groups or attributes.
Note
Group Authorization field
Whether Cisco UCS searches both the mapped groups and their parent
groups. This can be one of the following:
• Non Recursive—Cisco UCS searches only the groups mapped
in this Cisco UCS domain. If none of the groups containing the
user explicitly set the user's authorization properties, Cisco UCS
uses the default settings.
• Recursive—Cisco UCS searches each mapped group and all
its parent groups for the user's authorization properties. These
properties are cumulative, so for each group Cisco UCS finds
with explicit authorization property settings, it applies those
settings to the current user. Otherwise it uses the default settings.
Group Recursion field
The attribute Cisco UCS uses to determine group membership in the
LDAP database.
The supported string length is 63 characters. The default string is
memberOf.
Target Attribute field
b) Click Finish.
What to Do Next
For implementations involving a single LDAP database, select LDAP as the authentication service.
For implementations involving multiple LDAP databases, configure an LDAP provider group.
Cisco UCS Manager GUI Configuration Guide, Release 2.0
138 OL-25712-04
Configuring LDAP Providers