HP 3PAR Management Console 4.5.1 Software User Guide
DescriptionFieldGroup
Indicates the binding mechanism used.SASL Mechanism
PLAIN – Similar to simple binding where the username and
password are sent directly to the LDAP server for authentication
(default).
DIGEST-MD5 – The LDAP server sends the LDAP client one-time
data that is encrypted by the client and returned to the server
using a method that proves the client knows the user‘s password
without actually having to send the password.
GSSAPI – Obtains a ticket from the Kerberos server that validates
the user‘s identity. The ticket is then sent to the LDAP server for
authentication.
The name of the host LDAP server.LDAP Server Name
Indicates the numeric IP Address of the Kerberos server if
different from the LDAP server.
Kerberos Realm
The IP address of the Kerberos server, if different than the LDAP
server.
Kerberos Server IP
Indicates the base of the subtree in the DIT to search for objects
that hold account information. It is mutually exclusive with Group
DN.
Accounts DN
The objectClass attribute of an account object. (The default is
user.)
Account Object Class
The attribute of an account object that holds the user‘s username.
(The default is sAMAccountName.)
Account Name Attribute
The attribute that holds the name of a group of which the user
is a member. (The default is memberOf.)
Member Attribute
Indicates the objectClass attribute of a group object. (The default
is group.)
Group Object Class
The version number of the certificate.VersionCertificate
(shown if the value of
the Use Certificate field
is Yes.)
Who the certificate is issued to.Issued to
Who the certificate is issued by.Issued by
Dates the certificate is valid.Valid from
The LDAP Authorization Screen
The Authorization screen displays the Authorization Group and Group Distinguished Name of all
authorized LDAP users.
NOTE: This screen must be displayed in order to enable the Test LDAP Connection button on the
toolbar.
84 Managing LDAP with Security & Domains Manager