Creating directory groups
Onboard Administrator authenticates users and assigns privileges by first verifying that the username and password provided to Onboard Administrator match the credentials in the Directory. When a match is verified, Onboard Administrator queries the Directory to discover the names of the Active Directory groups the user is a member of. Onboard Administrator then matches those group names against the Directory Group names that exist in Onboard Administrator. In this step of the example, you create the Onboard Administrator Directory Groups. The group name is used to determine LDAP users' group membership and must match one of the following five properties of a directory group: the name, distinguished name, common name, Display Name, or SAM Account Name.
To create a directory group:
- In Onboard Administrator, navigate to the Users/Authentications/Directory Groups link.
- To add a new directory group, click New.
- Create a group named OA Admins, the same name as the group created in Active Directory.
NOTE: Group names with spaces might not be supported on some LDAP servers.
- Assign this group full administrative privileges over all server bays and interconnect bays, and then click Add.
- Create a second directory group named OA Operators to match the operator group created in Active Directory. Assign the group the Operator privilege level instead of Administrator. Do not allow the group access to server bays, but do allow access to interconnect bays, and then click Add.
If you downgrade Onboard Administrator firmware from 2.40 to 2.31, any groups beyond the first five are lost. Onboard Administrator version 2.40 supports 20 groups, while earlier versions support only five.
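Because a group name can match on any of five properties, it is worth checking before you click Add that each Onboard Administrator group name resolves to exactly one directory group. The following audit is an added example, not HP code. It assumes exact string comparison, standard Active Directory attribute names, a constructed group export under a placeholder domain, and that list order stands in for the order of the groups in Onboard Administrator.

```python
# The five properties the OA group name may match, as AD LDAP attribute names.
MATCH_ATTRS = ("name", "distinguishedName", "cn", "displayName", "sAMAccountName")

# Constructed sample export of directory groups (example.com is a placeholder).
BASE = "OU=Groups,DC=example,DC=com"
AD_GROUPS = [
    {"name": "OA Admins", "distinguishedName": f"CN=OA Admins,{BASE}",
     "cn": "OA Admins", "displayName": "OA Admins", "sAMAccountName": "OAAdmins"},
    {"name": "OA Operators", "distinguishedName": f"CN=OA Operators,{BASE}",
     "cn": "OA Operators", "displayName": "Enclosure Operators",
     "sAMAccountName": "OAOperators"},
    # A display name that collides with the admin group's name.
    {"name": "Helpdesk", "distinguishedName": f"CN=Helpdesk,{BASE}",
     "cn": "Helpdesk", "displayName": "OA Admins", "sAMAccountName": "Helpdesk"},
]


def matching_groups(oa_name, ad_groups):
    """Map each matching group's DN to the properties equal to oa_name."""
    hits = {}
    for group in ad_groups:
        attrs = [a for a in MATCH_ATTRS if group.get(a) == oa_name]
        if attrs:
            hits[group["distinguishedName"]] = attrs
    return hits


def audit(oa_names, ad_groups, downgrade_limit=5):
    """Classify each OA group name and flag groups a downgrade would drop."""
    report = {}
    for position, oa_name in enumerate(oa_names, start=1):
        hits = matching_groups(oa_name, ad_groups)
        if not hits:
            status = "no-match"    # members of no directory group get this role
        elif len(hits) > 1:
            status = "ambiguous"   # more than one directory group maps to this role
        else:
            status = "ok"
        report[oa_name] = {"status": status, "matched": hits,
                           "lost_on_downgrade": position > downgrade_limit}
    return report


if __name__ == "__main__":
    for name, result in audit(["OA Admins", "OA Operators", "OA Users"], AD_GROUPS).items():
        print(f"{name}: {result['status']} {result['matched']}")
```

In the constructed data, OA Admins is reported as ambiguous because the Helpdesk group's Display Name is also "OA Admins", so its members would be matched to the administrator group as well.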