Configuring the LDAP Parameters on the iBMC
Scenario
Configure the Lightweight Directory Access Protocol (LDAP) function on the Configuration > LDAP page of the iBMC WebUI.
The LDAP function enables domain users to access the iBMC.
- A common function of LDAP is to provide a central repository for user names and passwords, which allows different applications and services to connect to the LDAP server to validate users.
- The iBMC only provides an access interface for LDAP users; therefore this section does not include the procedure of configuring domain controllers, user domains, and LDAP users. For details, see the user guide of the domain controller you use.
- The security policies configured on the authentication server (password complexity check, password validity period, minimum password age, previous passwords disallowed, inactive time limit, and user lockout policy) apply to the LDAP users attempting to log in to the iBMC.
Prerequisites
Data
- LDAP server information, including the LDAP server address, domain name, host name, user application folder, and LDAP user group name
- Password for logging in to the iBMC WebUI
Procedure
- Log in to the iBMC WebUI. For details, see .
- Configure the LDAP server on the iBMC.
- On the iBMC WebUI, choose User & Security > LDAP.
- Set LDAP to the enabled state to enable the LDAP function.
- Set the LDAP server parameters.
The following parameters must be configured.
- LDAP Server Address: Enter the LDAP server IP address, for example, 192.168.66.66.
- LDAPS Port: Enter the port number of the LDAP server.
- Domain: Enter the LDAP server domain name, for example, iBMC.com. This domain name must be the same as the domain name set on the LDAP server.
- Current User Password: Enter the password for logging in to the iBMC.
Set the other parameters as required. For the parameter descriptions, see LDAP.
- Click Save.
- (Optional) Import an LDAP root certificate.
If the certificate verification feature is turned on, you need to import the LDAP CA certificate. Obtain the certificate file from the certificate authority (CA) yourself.
- Set the DNS server address to the LDAP server address. For details, see iBMC Configuring the Directory Server.
- Under Root Certificate, click Browse and select the root certificate to be uploaded.
The CA certificate must be in .cer, .pem, .cert, or .crt format.
- Click Upload.
If the root certificate is successfully uploaded, "The certificate has been uploaded" is displayed.
For security purposes, periodically update the certificate.
- Configure the LDAP group.
- In the LDAP User Group area, click Add or
.
- In Current User Password, enter the iBMC user password.
- Configure LDAP group parameters.
- LDAP Group: Enter the LDAP user group name, for example info_group1 (the LDAP group name set in iBMC Configuring the Directory Server).
- LDAP Group Folder: Enter the name of the folder in which the LDAP group applications are stored.
The LDAP group folder must be the same as the organizational unit set on the LDAP server, for example, company/department (the organizational unit set in iBMC Configuring the Directory Server).
- Login Rules: Set the login rules.
- Login Interfaces: Set the login interfaces.
- Role: Assign operation permissions to the user group.
- Click Save.
- Use a domain account to log in to the iBMC.
- On the iBMC login page, enter the user name test and password HWinfo/Admin@9000.
- In Domain, select the LDAP server domain name, for example, iBMC.com.
- Click Log In.
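The root certificate imported in the optional step above can be checked on an administrator workstation before clicking Upload. This is an added example, not part of the original guide or of the iBMC itself: it uses the openssl command-line tool, and the function names, the 30-day default threshold and the file names are assumptions made for illustration.

```shell
#!/bin/sh
# Pre-upload checks for an LDAP root certificate (illustrative; hypothetical helper names).

# load_cert FILE: print the certificate as PEM, accepting PEM or DER input.
load_cert() {
    openssl x509 -in "$1" -outform PEM 2>/dev/null ||
    openssl x509 -inform DER -in "$1" -outform PEM 2>/dev/null
}

# check_root_cert FILE [MIN_DAYS]: return 0 if FILE is a CA certificate in an
# accepted file format that stays valid for at least MIN_DAYS (default 30, an assumption).
check_root_cert() {
    file=$1 min_days=${2:-30}
    case "$file" in
        *.cer|*.pem|*.cert|*.crt) ;;   # formats the guide lists for upload
        *) echo "FAIL: file extension is not .cer, .pem, .cert or .crt"; return 1 ;;
    esac
    pem=$(load_cert "$file") || { echo "FAIL: not an X.509 certificate"; return 1; }
    # A root certificate must carry basicConstraints CA:TRUE.
    printf '%s\n' "$pem" | openssl x509 -noout -text | grep -q 'CA:TRUE' ||
        { echo "FAIL: not a CA certificate"; return 1; }
    # -checkend exits non-zero if the certificate expires within the given seconds.
    printf '%s\n' "$pem" | openssl x509 -noout -checkend $((min_days * 86400)) >/dev/null ||
        { echo "FAIL: expires within $min_days days, renew before upload"; return 1; }
    echo "OK: $(printf '%s\n' "$pem" | openssl x509 -noout -subject -enddate | tr '\n' ' ')"
}

# check_server_chain ROOT SERVER_CERT: return 0 if the LDAP server certificate
# verifies against ROOT, which is what certificate verification depends on.
check_server_chain() {
    root_pem=$(load_cert "$1") || return 1
    tmp=$(mktemp) || return 1
    printf '%s\n' "$root_pem" > "$tmp"
    rc=0
    openssl verify -CAfile "$tmp" "$2" >/dev/null 2>&1 || rc=$?
    rm -f "$tmp"
    return $rc
}
```

Run `check_root_cert` on the file obtained from the CA, then `check_server_chain` with that file and a copy of the LDAP server's certificate. Re-running `check_root_cert` on a schedule with a larger MIN_DAYS gives advance notice for the periodic certificate update.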