Cisco Systems OL-25712-04 Security Camera User Manual


 
Changing the LDAP Group Rule for an LDAP Provider
Procedure
Step 1
In the Navigation pane, click the Admin tab.
Step 2
On the Admin tab, expand All > User Management > LDAP.
Step 3
Expand LDAP Providers and choose the LDAP provider for which you want to change the group rule.
Step 4
In the Work pane, click the General tab.
Step 5
In the LDAP Group Rules area, complete the following fields:
DescriptionName
Whether Cisco UCS also searches LDAP groups when authenticating
and assigning user roles and locales to remote users. This can be one
of the following:
Disable—Cisco UCS does not access any LDAP groups.
Enable—Cisco UCS searches all LDAP groups mapped in this
Cisco UCS domain. If the remote user is found, Cisco UCS assigns
the user roles and locales defined for that LDAP group in the
associated LDAP group map.
Role and locale assignment is cumulative. If a user is included
in multiple groups, or has a role or locale specified in the LDAP
attribute, Cisco UCS assigns that user all the roles and locales
mapped to any of those groups or attributes.
Note
Group Authorization field
Whether Cisco UCS searches both the mapped groups and their parent
groups. This can be one of the following:
Non Recursive—Cisco UCS searches only the groups mapped
in this Cisco UCS domain. If none of the groups containing the
user explicitly set the user's authorization properties, Cisco UCS
uses the default settings.
Recursive—Cisco UCS searches each mapped group and all its
parent groups for the user's authorization properties. These
properties are cumulative, so for each group Cisco UCS finds with
explicit authorization property settings, it applies those settings
to the current user. Otherwise it uses the default settings.
Group Recursion field
The attribute Cisco UCS uses to determine group membership in the
LDAP database.
The supported string length is 63 characters. The default string is
memberOf.
Target Attribute field
Cisco UCS Manager GUI Configuration Guide, Release 2.0
OL-25712-04 139
Configuring LDAP Providers