- Notes, cautions, and warnings
- Preface
- Overview
- Deployment
- Getting started
- System configuration
- Configure network settings
- Manage users, roles, and scopes
- Ending user sessions
- Directory services integration
- Login using OIDC providers
- Security certificates
- Manage console settings
- Set the login security properties
- Customize the alert display
- Configure SMTP, SNMP, and Syslog
- Manage incoming alerts
- Manage warranty settings
- Configure remote commands and scripts
- OpenManage Mobile settings
- Enable or disable alert notifications for OpenManage Mobile
- Enable or disable OpenManage Mobile subscribers
- Delete an OpenManage Mobile subscriber
- View the alert notification service status
- Notification service status
- View information about OpenManage Mobile subscribers
- OpenManage Mobile subscriber information
- Troubleshooting OpenManage Mobile
- Discovering devices
- Server-initiated discovery
- Create a device discovery job
- Protocol support matrix for discovering devices
- View device discovery job details
- Edit a device discovery job
- Run a device discovery job
- Stop a device discovery job
- Discover multiple devices by .csv import
- Global exclusion of ranges
- Specify a discovery mode for server discovery
- Create a custom discovery job for servers
- Specify discovery mode for chassis discovery
- Create a custom discovery job for the chassis
- Specify discovery mode for Dell storage discovery
- Specify discovery mode for network switch discovery
- Create a custom discovery job for HTTPS storage devices
- Create a custom discovery job for SSH devices
- Create a custom discovery job for SNMP devices
- Specify the discovery mode for multiple discovery jobs
- Delete a device discovery job
- Managing devices and device groups
- Organize devices into groups
- Create a custom static or query group
- Create a static device group
- Create a query device group
- Edit a static group
- Edit a query group
- Rename a static or query group
- Delete a static or query device group
- Clone a static or query group
- Add devices to a new group
- Add devices to existing group
- Refresh health on group
- All Devices screen device list
- All Devices screen actions
- Delete devices from OpenManage Enterprise
- Exclude devices from OpenManage Enterprise
- Run inventory on devices
- Update the device firmware and drivers by using baselines
- Refresh the device health of a device group
- Refresh health on devices
- Roll back an individual device's firmware version
- Export the single device inventory
- Performing more actions on chassis and servers
- Hardware information displayed for MX7000 chassis
- Export data
- View and configure individual devices
- Run and download diagnostic reports
- Extract and download a Services report
- Managing individual device hardware logs
- Run remote commands on managed devices
- Launch the iDRAC device management application
- Launch the virtual console
- Attaching iDRAC virtual media
- Refresh device inventory of a single device
- View installed and available licenses on a device
- Organize devices into groups
- Managing device inventory
- Managing device firmware and drivers
- Managing device deployment templates
- Create a deployment template from a reference device
- Create a deployment template by importing a template file
- View a deployment template information
- Edit a server deployment template
- Edit a chassis deployment template
- Edit IOA deployment template
- Edit network properties of a deployment template
- Deploy device deployment templates
- Deploy IOA deployment templates
- Clone deployment templates
- Export a deployment template
- Delete deployment templates
- Auto deploy device configuration before discovery
- Create auto deployment targets
- Delete auto deployment targets
- Export auto deployed target details
- Overview of stateless deployment
- Define networks
- Edit or delete a configured network
- Export VLAN definitions
- Import network definitions
- Managing device warranty
- Managing alerts
- Managing MIB files
- Configuring profiles
- Configuration compliance
- Managing licenses
- Using jobs for device control
- Monitoring audit logs
- Monitoring reports
- Back up, restore, or migrate
- Updating the console and plugins
- Managing plugins
- Troubleshooting
- Troubleshooting connectivity
- Firmware and DSU requirements for HTTPS
- Firmware schedule reference
- Firmware baseline field definitions
- Supported and unsupported actions on proxied sleds
- Schedule job field definitions
- Alert categories after EEMI relocation
- Token substitution in remote scripts and alert policy
- Catalog Management field definitions
- Devices with unknown compliance status
- Device rediscovery running for a long time after deleting iDRAC service account
- Dell Connectivity Service : Failed with exception: Unable to get access token from DCS
OpenManage Enterprise 4.1.x User's Guide
Import Active Directory and LDAP groups
This topic describes how to import users in active directory or LDAP for authentication into the appliance.
Prerequisites
- Ensure you are logged into OpenManage Enterprise as an Administrator, as described in User roles.
- Users other than Administrator cannot enable or disable the Active Directory (AD) and Lightweight Directory Access Protocol (LDAP) users.
- Ensure Active Directory groups have a Universal group scope.
- AD and LDAP directory users can be imported and assigned one of the OpenManage Enterprise roles (Administrator, DeviceManager, or Viewer). The Single-Sign-On (SSO) feature stops at login to the console. Actions run on the devices require a privileged account on the device.
- If RSA SecurID authentication is required on users from the Active Directory or LDAP groups, ensure the active directory or LDAP groups are integrated with the RSA server.
Steps
- Click Import Directory Group.
-
In the
Import Active Directory dialog box:
-
From the
Directory Source drop-down menu, select an Active Directory or LDAP source that must be imported for adding groups.
For more information on support services, see Add or edit the Active Directory connection.
- Click Input Credentials.
- In the dialog box, type the username and password of the domain where the directory is saved. Use tool tips to enter the correct syntax.
- Click Finish.
-
From the
Directory Source drop-down menu, select an Active Directory or LDAP source that must be imported for adding groups.
-
In the
Available Groups section:
- In the Find a Group box, enter the initial few letters of the group name available in the tested directory. All the groups names that begin with the entered text are listed under GROUP NAME.
- Select the check boxes corresponding to the groups be imported, and then click the >> or << buttons to add or remove the groups.
-
In the
Groups to be Imported section:
- Select the check boxes of the groups, and then select a role from the Assign Group Role drop-down menu. For more information about the role-based access, see Role and scope-based access.
-
Click
Assign Role.
NOTE:For a logged-in Active Directory user belonging to an imported child Active Directory group, multiple roles such as Device Manager and Viewer are displayed upon a mouse-over on the username on the appliance masthead. This happens if the parent directory group and child directory group are imported with different privileges. For such Active Directory users, the role with the maximum privilege will be applied.The users in the group under the selected directory service are assigned the selected user roles.
- For the Device Manager role, the scope is defaulted to All Devices, however, the administrator can restrict the scope by choosing the Assign Scope option followed by selecting the device group(s).
- Repeat steps 3 and 4, if necessary.
-
Click
Import.
The directory groups are imported and displayed in the Users list. However, all users in those groups will log in to OpenManage Enterprise by using their domain username and credentials.
Example
It is possible for a domain user, for example john_smith, to be a member of multiple directory groups, and also for those groups to be assigned different roles. In this case, multiple roles such as Device Manager and Viewer are displayed upon a mouseover on the username on the appliance masthead right-hand corner. Such users will receive the highest level role for all the directory groups they are assigned to.
- Example 1: The user is a member of three groups with admin, DM, and viewer roles. In this case, user becomes an administrator.
- Example 2: The user is a member of three DM groups and a viewer group. In this case, the user will become a DM with access to the union of device groups across the three DM roles.
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\