If a system is configured for a supported remote authentication service, you must create a provider for that service to ensure that VNMC and the system configured with the service can communicate.
User Accounts in Remote Authentication Services
You can create user accounts in VNMC or in the remote authentication server.
The temporary sessions for users who log in through remote authentication services can be viewed through the VNMC GUI.
User Roles and Locales in Remote Authentication Services
If you create user accounts in the remote authentication server, you must ensure that the accounts include the roles and locales those users require for working in VNMC and that the names of those roles and locales match the names used in VNMC. If an account does not have the required roles and locales, the user is granted only read-only privileges.
LDAP Attribute for User
In VNMC, the LDAP attribute that holds the LDAP user roles and locales is preset. This attribute is always a name-value pair. For example, by default CiscoAvPair specifies the role and locale information for the user, and if the filter is specified, the LDAP search is restricted to those values that match the defined filter. By default, the filter is sAMAccountName=$userid. The user can change these values to match the setting on the LDAP server. When a user logs in, VNMC checks for the value of the attribute when it queries the remote authentication service and validates the user. The value should be identical to the username.
An example of LDAP property settings is as follows:
Base DN—DC=cisco, DC=com (The specific location in the LDAP hierarchy where VNMC starts the query for the LDAP user.)