Step 6
Click Save Changes.
Deleting an LDAP Provider
Procedure
Step 1
In the Navigation pane, click the Admin tab.
Step 2
On the Admin tab, expand All > User Management > LDAP.
Step 3
Expand LDAP Providers.
Step 4
Right-click the LDAP provider you want to delete and choose Delete.
Step 5
If the Cisco UCS Manager GUI displays a confirmation dialog box, click Yes.
LDAP Group Mapping
For organizations that already use LDAP groups to restrict access to LDAP databases, group membership
information can be used by Cisco UCS Manager to assign a role or locale to an LDAP user during login. This
eliminates the need to define role or locale information in the LDAP user object when Cisco UCS Manager is
deployed. When a user logs in to Cisco UCS Manager, information about the user's role and locale is pulled
from the LDAP group map. If the role and locale criteria match the information in the policy, access is granted.
Role and locale definitions are configured locally in Cisco UCS Manager and do not update automatically
based on changes to an LDAP directory. When deleting or renaming LDAP groups in an LDAP directory, it
is important that you update Cisco UCS Manager with the change.
An LDAP group map can be configured to include any of the following combinations of roles and locales:
• Roles only
• Locales only
• Both roles and locales
For example, consider an LDAP group representing a group of server administrators at a specific location.
The LDAP group map might be configured to include user roles like server-profile and server-equipment. To
restrict access to server administrators at a specific location, the locale could be set to a particular site name.
Note
Cisco UCS Manager includes many out-of-the-box user roles but does not include any locales. Mapping
an LDAP provider group to a locale requires that you create a custom locale.
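Because group maps do not follow directory changes, a periodic comparison of the configured maps against the directory catches maps left behind by a deleted or renamed group. The following is an added example, not part of the Cisco guide: it assumes the group maps, the directory's group DNs, and the locally defined locales have already been exported to Python lists, and every DN and locale name in it is constructed sample data.

```python
# Added example: audit LDAP group maps for drift against the LDAP directory.
# All DNs and locale names are constructed; how the lists are exported is assumed.

def norm_dn(dn):
    """Normalize a DN for comparison: lower-case, no spaces around ',' or '='.
    Simplification: does not handle escaped commas inside attribute values."""
    rdns = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        rdns.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return ",".join(rdns)

def audit_group_maps(group_maps, directory_groups, defined_locales):
    """Return (group_dn, finding) tuples for group maps that need attention."""
    live = {norm_dn(dn) for dn in directory_groups}
    findings = []
    for gm in group_maps:
        dn = gm["dn"]
        roles, locales = gm.get("roles", []), gm.get("locales", [])
        if norm_dn(dn) not in live:
            # Group was deleted or renamed in the directory; the map was not updated.
            findings.append((dn, "stale-group"))
        if not roles and not locales:
            # A map must carry roles only, locales only, or both.
            findings.append((dn, "empty-map"))
        for loc in locales:
            if loc not in defined_locales:
                # Locales are not built in; each one must be created locally first.
                findings.append((dn, f"undefined-locale:{loc}"))
    return findings

GROUP_MAPS = [  # constructed sample of configured group maps
    {"dn": "CN=ucs-server-admins,OU=Groups,DC=example,DC=com",
     "roles": ["server-profile", "server-equipment"], "locales": ["site-a"]},
    {"dn": "cn=ucs-profiles, ou=Groups, dc=example, dc=com",
     "roles": ["server-profile"], "locales": []},
    {"dn": "cn=ucs-old-team,ou=groups,dc=example,dc=com",
     "roles": ["server-equipment"], "locales": ["site-b"]},
]
DIRECTORY_GROUPS = [  # constructed sample of group DNs currently in the directory
    "cn=ucs-server-admins,ou=groups,dc=example,dc=com",
    "cn=ucs-profiles,ou=groups,dc=example,dc=com",
    "cn=ucs-new-team,ou=groups,dc=example,dc=com",
]
DEFINED_LOCALES = ["site-a"]  # constructed: custom locales created locally

if __name__ == "__main__":
    for dn, finding in audit_group_maps(GROUP_MAPS, DIRECTORY_GROUPS, DEFINED_LOCALES):
        print(f"{finding:28} {dn}")
```

A stale-group finding means the map should be deleted or pointed at the renamed group so that access follows the current directory structure.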
Cisco UCS Manager GUI Configuration Guide, Release 2.0
OL-25712-04