2 Simple Identity Management Profile 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 Document Number: DCIM1055 Document Type: Specification Document Status: Published Document Language: E Date: 2012-03-08 Version: 1.0.
31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 THIS PROFILE IS FOR INFORMATIONAL PURPOSES ONLY, AND MAY CONTAIN TYPOGRAPHICAL ERRORS AND TECHNICAL INACCURACIES. THE CONTENT IS PROVIDED AS IS, WITHOUT EXPRESS OR IMPLIED WARRANTIES OF ANY KIND.
67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 CONTENTS 1 2 3 4 5 6 7 8 9 10 11 Scope .................................................................................................................................................... 5 Normative References........................................................................................................................... 5 Terms and Definitions ..........................................................
98 Figures 99 100 101 102 Figure 1 – Class Diagram ............................................................................................................................. 9 Figure 2 – Simple Identity Management Profile .......................................................................................... 10 Figure 3 – Simple Identity Management Profile Implementation ................................................................
135 1 136 137 138 139 140 The DCIM Simple Identity Management Profile describes the properties and interfaces for executing system management tasks related to the management of accounts and identities. The profile standardizes and aggregates the description for the platform’s basic properties into a system view representation and provides static methodology for the clients to query the system views without substantial traversal of the model.
175 o o o o 176 177 178 DCIM_ElementConformsToProfile.mof DCIM_RegisteredProfile.mof DCIM_LCElementConformsToProfile.mof DCIM_LCRegisteredProfile.mof 179 3 180 For the purposes of this document, the following terms and definitions apply. 181 182 can - Used for statements of possibility and capability, whether material, physical, or causal. 183 184 Terms and Definitions 3.1 3.2 cannot - Used for statements of possibility and capability, whether material, physical, or causal. 3.
209 210 3.12 should not – Indicates that a certain possibility or course of action is deprecated but not prohibited. 3.13 211 212 Interop Namespace: root/interop 213 214 Interop Namespace: root/interop is where instrumentation instantiates classes to advertise its capabilities for client discovery. 215 216 3.14 Implementation Namespace: root/dcim 217 218 Implementation Namespace: root/dcim is where instrumentation instantiates classes relevant to executing core management tasks. 219 220 221 3.
243 Interop Namespace: root/interop 244 Implementation Namespace: root/dcim 245 246 Central Class: DCIM_LocalUserAccountManagementService, DCIM_IPMIAccountManagementService, and DCIM_CLPAccountManagementService 247 Scoping Class: DCIM_ComputerSystem 248 249 The Dell Simple Identity Management Profile is a component profile that contains the Dell specific implementation requirements for system view. 250 251 DCIM_CLPAccountManagementService shall be the Central Classes.
254 6 255 256 257 The Dell Simple Identity Management Profile describes platform’s user account properties and management information. The user account information is represented by an instance of DCIM_Account class. 258 Figure 1 details the class diagram of the Dell Simple Identity Management Profile.
264 265 266 267 ’s support of this profile, SimpleIdentityManagementProfile is instantiated in the Implementation Namespace: root/dcim. SimpleIdentityManagementProfile describes the information about the implemented profile: most importantly, the name and version of the profile and the organization name that produced the profile.
CLPAccountManagementCapabilities LocalUserAccountManagementCapabilities IPMIAccountManagementCapabilities ElementCapabilities ElementCapabilities SPComputerSystem SPHostedSIMP Service LocalUserAccountManagementService ElementCapabilities CLPAccountManagementService SPHostedService ServiceAffectsElement IPMIAccountManagementService SPHostedService AccountOnSystem ServiceAffectsElement ServiceAffectsElement LocalUserIdentity Account AssignedAcct Identity LANIdentity ElementCapabilities SerialIden
273 7 274 275 This section describes the requirements and guidelines for implementing the Dell Simple Identity Management Profile. Implementation Description 276 Table 2 – Class Requirements: Simple Identity Management Profile Element Name Requirement Description DCIM_Account Mandatory The class shall be implemented in the Implementation Namespace: root/dcim. See section 7.1. DCIM_AccountCapabilities Mandatory The class shall be implemented in the Implementation Namespace: root/dcim.
Element Name Requirement Description DCIM_IPMICLPElementCapabilities Mandatory The class shall be implemented in the Implementation Namespace: root/dcim. See section 7.8, 7.9 and 7.10. DCIM_IPMIServiceAffectsIdentity Mandatory The class shall be implemented in the Implementation Namespace: root/dcim. See section 7.4, 7.5 and 7.8. DCIM_CLPAccountManagementService Mandatory The class shall be implemented in the Implementation Namespace: root/dcim. See section 7.9.
278 7.1 279 This section describes the implementation for the DCIM_Account class describes local RAC account. 280 This class shall be instantiated in the Implementation Namespace: root/dcim. 281 282 The DCIM_AccountOnSystem association shall reference DCIM_Account instances and the DCIM_SPComputerSystem instance. 283 284 DCIM_AssignedAcctIdent association shall reference DCIM_Account instance and DCIM_LocalUserIdentity, DCIM_LANIdentity, DCIM_SerialIdentity, DCIM_CLPIdentity instances.
305 Table 4 – DCIM_Account - Properties Property Name Requirements Type Additional Requirement SystemCreationClassName Mandatory string The property value shall be “DCIM_SPComputerSystem”. SystemName Mandatory string The property value shall be “systemmc”. CreationClassName Mandatory string This property value shall be "DCIM_Account". Name Mandatory string The property value shall be the "iDRAC.Embedded.1#Users." where is integer from 1 to 16.
323 7.2.
343 7.3.3 Class Properties 344 Table 8 – DCIM_LocalUserIdentity – Properties Properties Type Requirement Additional Requirements InstanceId string Mandatory The property value shall be “DCIM:LocalAccount:Identity:”, where is from 1 to 16. ElementName String Mandatory This property shall have a value of “Local User Identity". 345 7.4 346 This section describes the implementation for the DCIM_LANIdentity class.
364 365 7.5 366 This section describes the implementation for the DCIM_SerialIdentity class. 367 This class shall be instantiated in the Implementation Namespace: root/dcim. 368 369 DCIM_AssignedAcctIdent association shall reference DCIM_SerialIdentity instance and DCIM_Account 370 371 DCIM_IPMIServiceAffectsIdentity shall reference the DCIM_IPMIAccountManagementService instance and 372 7.5.1 Resource URIs for WinRM® 373 374 The class Resource URI shall be “http://schemas.dell.
386 7.6 387 This section describes the implementation for the DCIM_CLPIdentity class. 388 This class shall be instantiated in the Implementation Namespace: root/dcim. 389 390 DCIM_AssignedAcctIdent association shall reference DCIM_CLPIdentity instance and DCIM_Account DCIM_CLPIdentity – Local User’s CLP Security Principal instance. 391 392 DCIM_CLPAccountManagementService. 393 7.6.1 Resource URIs for WinRM® 394 395 The class Resource URI shall be “http://schemas.dell.
408 409 7.7 410 This section describes the implementation for the DCIM_LocalUserAccountManagementService class. 411 412 413 DCIM_LocalUserElementCapabilities association shall reference the DCIM_LocalUserAccountManagementService and the DCIM_LocalUserAccountManagementCapabilities instance. 414 415 DCIM_LocalUserServiceAffectsIdentity association shall reference DCIM_LocalUserIdentity instance and the DCIM_LocalUserAccountManagementService instance.
Property Name Type Requirements Additional Requirement Name string Mandatory The property value shall be "DCIM LocalUserAccountManagementService". RequestedState uint16 Mandatory This property value shall be 12 (not applicable). EnabledState uint16 Mandatory This property value shall be 2 (Enabled). Mandatory The property value shall be "Local User Account Management Service ".
462 7.8.3 Class Properties 463 464 465 466 The following table details the implemented properties for DCIM_IPMIAccountManagementService instance representing. The “Requirements” column shall denote whether the property is implemented (for requirement definitions, see section 3). The “Additional Requirements” column shall denote either possible values for the property, or requirements on the value formulation.
490 Table 19 – DCIM_CLPAccountManagementService - Operations Operation Name Get Enumerate Requirements Mandatory Mandatory Required Input Instance URI Class URI 491 7.9.3 Class Properties 492 493 494 495 The following table details the implemented properties for DCIM_CLPAccountManagementService instance. The “Requirements” column shall denote whether the property is implemented (for requirement definitions, see section 3).
514 Table 21 – DCIM_LocalUserAccountMangementCapabilities - Operations Operation Name Get Enumerate 515 Requirements Mandatory Mandatory Required Input Instance URI Class URI 7.10.
533 7.11.2 Operations 534 The following table lists the operations implemented on DCIM_IPMICLPAccountMangementCapabilities. 535 Table 23 – DCIM_IPMICLPAccountMangementCapabilities - Operations Operation Name Get Enumerate 536 Requirements Mandatory Mandatory Required Input Instance URI Class URI 7.11.
554 555 7.12.3 Class Properties 556 557 558 559 The following table details the implemented properties for DCIM_RegisteredProfile instance representing Simple Identity Management Profile implementation. The “Requirements” column shall denote whether the property is implemented (for requirement definitions, see section 3). The “Additional Requirements” column shall denote either possible values for the property, or requirements on the value formulation.
578 7.13.3 Class Properties 579 580 581 582 583 The following table details the implemented properties for DCIM_LCRegisteredProfile instance representing Simple Identity Management Profile implementation. The “Requirements” column shall denote whether the property is implemented (for requirement definitions, see section 3). The “Additional Requirements” column shall denote either possible values for the property, or requirements on the value formulation.
Value Description 2 Error occurred 596 597 Table 30 – DCIM_Account.RequestStateChange() Method: Parameters Qualifiers Name Type Description/Values IN, REQ RequestedState uint16 Valid state values: • 2 (Enabled) • 3 (Disabled) OUT MessageID string Error Message ID may be used to look-up in the Dell Message registry files. For more information, see Error Message Registry.
609 11 610 611 612 The following table describes the privilege and license requirements for the listed operations. For the detailed explanation of the privileges and licenses, refer to the Dell WSMAN Licenses and Privileges specification. Privilege and License Requirement Version 1.0.
613 Table 32 – Privilege and License Requirements Class and Method DCIM_Account Operation ENUMERATE, GET DCIM_Account.