Page 2 - LDAP Implementation; Does not require LDAP Schema to be touched!
APC by Schneider Electric
● Does not require LDAP Schema to be touched!
● Uses existing Schema Attribute field to store configuration setting
● Allows easy implementation
Page 3 - IP KVM authentication levels
● Basic
  • Very simple implementation that allows the KVM to browse the LDAP directory for user credentials. All users are administrators
● Attribute
  • Allow users in the LDAP directory to be distinguished as non-users, appliance administrators o...
Page 4 - Settings Used in this Lab
● The Microsoft® domain controller (Active Directory) acts as the DHCP server and DNS server in these examples.
● The domain is kvmcorp.com.
● The user account that is used to query the domain controller for authentication and access controls is k...
Page 5 - LDAP Lab Layout
[Diagram: LDAP Lab Layout. Labels: Server1, Server2, Server3, OBWI Client, IPKVM1, LDAP Server KVMcorp.com, KVM. Addresses shown: 192.168.5.11, 192.168.5.100, 192.168.5.50]
Page 7 - Print Scrn
Name the Server Modules via the Local Port OSD
From the local OSD, press the Print Scrn key. The Main dialog box appears. Click the name you want to change, click Modify, rename the server module, and click OK.
Remember, the server names here must match the computer obje...
Page 8 - Active Directory Tasks
NOTE: In a production environment, work with your IT department to create the console query user account and add the IP KVM switches OU. You need a level of access that enables you to create, delete, modify groups, and add computer objects for interfa...
Page 9 - Create User to Browse the Directory
This is a special user account specifically for LDAP queries instead of using the Admin account.
● Create a user named kvmldap, and assign the password: Password1
● Set the password not to expire
Page 14 - Log into the Switch
Launch your web browser, point it to the IP address of the IP KVM Switch, and log in with the default Admin user name and password: apc and apc
Page 15 - Name the Switch
From the Configure screen, select SNMP and name the switch IPKVM1.
Page 16 - Enable LDAP Authentication
Click on Authentication under Appliance in the Configuration Menu.
Page 18 - Configure LDAP Search Parameters
On the Search Parameters tab, enter the Search DN: cn=kvmldap,cn=users,dc=kvmcorp,dc=com
NOTE: The first cn field must match the full name of the user, not the login name. For example, if the user name is John Doe, then cn=John Doe (note the...
Page 19 - Leave Query Parameter at Basic
IMPORTANT: This query mode should be used to test your LDAP configuration only. After the basic LDAP communications configuration is successfully tested, change the query mode because Basic mode gives full administration authorization to all I...
Page 20 - Test the basic LDAP Authentication
Log out of the APC Web Interface and go back to the login prompt. Log in as kvmldap with the password Password1 (the user you created earlier to browse the network). It should load the APC Management Page if the switch can communicate to ...
Page 21 - Basic Summary; Very basic
● Very basic
● Quick to set up
● All users have administrator rights
● Use the “Search Base” in the “LDAP Parameters” to limit user access by adding an OU such as “MIS” or “Administrators”
● Ideal for smaller customers
Page 22 - Group Based Authentication
All content in this presentation is protected – © 2008 American Power Conversion Corporation Group Based Authentication
Page 23 - Change LDAP Query to Group; Group Attribute for
After the basic LDAP communication test succeeds, log off, then log in to the IP KVM switch as apc with apc as the password. Click on Configure, then click Global > Authentication. On the Query Parameters tab, click Group Attribute for Query Mode (IP KV...
Page 25 - Group Summary; Highly granular security
● Highly granular security
● Port level control
● Attributes set to groups rather than individual users
● Hugely scalable
● Ideal for Enterprise customers
Page 26 - Conclusion
● LDAP allows you to integrate your KVM with your security infrastructure to provide an easy to use yet powerful management tool to keep your servers up and running