LDAP Server Support Guidelines
This topic provides LDAP server support guidelines. For general information about LDAP, see About LDAP. For information on how to configure LDAP on the library, see Configuring LDAP.
When configuring LDAP on the library, note the following guidelines:
- The library supports the Microsoft® Active Directory LDAP server. Windows® Services for UNIX® 2.5 is required for this support.
- When setting up a user account in Microsoft Active Directory, make sure to populate the UNIX attributes with information. This requires all Active Directory users to be part of an NIS Domain, or have NIS Domain information entered. After entering NIS Domain information for a user, you will need to reset the user's password.
- The library supports user account information in the schema defined by RFC 2307. User passwords must be encrypted using UNIX crypt. In addition, user names (uid) and passwords (userPassword) must be created using lowercase characters to be compatible with the library.
- For LDAP users with library user privileges, access to library partitions is determined by group assignment on the LDAP server. Groups must be created on the LDAP server with names that correspond to the library partition names. Users with user privileges must be assigned to these groups on the LDAP server to have access to the corresponding partitions on the library. LDAP users with administrative privileges have access to all partitions and administrative functions and do not need to be assigned to partition-related groups on the LDAP server.
- The library Web client and operator panel do not allow you to create, modify, or delete user account information located on an LDAP server. This must be done by the directory service provider.
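The following pre-check of directory entries against the guidelines above is an added example, not part of the library's software or documentation. The partition names, the sample LDIF entries, and exact case-sensitive matching of group names to partition names are assumptions made for illustration.

```python
# Added example: sample entries and partition names below are constructed.
PARTITIONS = {"library_a", "library_b"}  # hypothetical library partition names

SAMPLE_LDIF = """\
dn: uid=jsmith,ou=People,dc=example,dc=com
objectClass: posixAccount
uid: jsmith
userPassword: {crypt}$6$constructed$notarealhashvalue

dn: uid=BJones,ou=People,dc=example,dc=com
objectClass: posixAccount
uid: BJones
userPassword: {SSHA}constructednotarealhash

dn: cn=library_a,ou=Groups,dc=example,dc=com
objectClass: posixGroup
cn: library_a
memberUid: jsmith

dn: cn=Library_C,ou=Groups,dc=example,dc=com
objectClass: posixGroup
cn: Library_C
memberUid: BJones
"""

def parse_ldif(text):
    """Parse simple LDIF (no folded or base64 lines) into attribute dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            name, _, value = line.partition(": ")
            entry.setdefault(name.lower(), []).append(value)
        entries.append(entry)
    return entries

def check(entries, partitions):
    """Return (dn, problem) pairs for entries that break the guidelines."""
    findings = []
    for e in entries:
        dn, classes = e["dn"][0], {c.lower() for c in e.get("objectclass", [])}
        if "posixaccount" in classes:
            if any(u != u.lower() for u in e.get("uid", [])):
                findings.append((dn, "uid is not lowercase"))
            pw = e.get("userpassword", [""])[0]
            if not pw.lower().startswith("{crypt}"):
                findings.append((dn, "userPassword is not UNIX crypt"))
        if "posixgroup" in classes and e["cn"][0] not in partitions:
            findings.append((dn, "group name matches no partition"))
    return findings
```

A group that matches no partition is not necessarily an error, but a user who belongs only to such groups gets no partition access on the library.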