HP Storage Essentials V5.1 User Guide Second Edition (Linux Release) (T4283-96056, November 2006)

ManualsBrandsHP ManualsSoftwareHP Storage Essentials SRM Charge Back Manager 50 MAP Tier-2 E-LTU

201

202

203

204

205

206

207

208

209

210

Storage Essentials 5.1 User Guide 175

The login-handler.xml file contains two sets of <CaseSensitiveUserName> tags: one for

Active Directory and one for LDAP. Make sure you change the value of the

<CaseSensitiveUserName> tags that are children of the <LDAP> tags.

8. Provide the LDAP search base in which you want the management server to look up AD/LDAP

user attributes. Allow no spaces between commas and put in all components of fully qualified

domain name, for example, hds.usa.com would be DC=hds,DC=usa,DC=com.

The search base is used to specify the starting point for the search. It

points to a distinguished name of an entry in the directory hierarchy.

CN=$NAME$,dc=MyCompanyName,dc=COM</SearchBase>

or:

<SearchBase>CN=$NAME$,OU=NetworkAdministration,

dc=MyCompanyName,ou=US,dc=COM

</SearchBase>

The management server searches only those users in the company who are part of the

NetworkAdministration organization (OU=NetworkAdministration) and in the United States

(ou=US).

IMPORTANT: Different LDAP implementations may be using different keynames for CN. The

appropriate key should be mentioned in login-handler.xml. Refer to the documentation

for your LDAP server to determine how to obtain the appropriate keyname. Your keyname

may start with uid instead of CN, for example,: uid=$NAME$,ou=<Optional org

unit if applicable>, dc=windows,dc=hp,dc=com

9. Save the login-handler.xml file.

The following is an example of a modified login-handler.xml file for use with an LDAP

server. Underlined text is information that was modified:

<?xml version="1.0" encoding="ISO-8859-1"?>

<AdminAccountName>domain\admin</AdminAccountName>

<!--LoginHandlerClass>com.appiq.security.server.BasicLoginHandler</LoginHan

dlerClass-->

<!--

LoginHandlerType>Default</LoginHandlerType-->

<!-- uncomment the following to enable Active Directory login>

<LoginHandlerClass>com.appiq.security.server.ActiveDirectoryLoginHandler</L

oginHandlerClass>

<LoginHandlerType>ActiveDirectory</LoginHandlerType-->

<PrimaryServer port="389">IP address of Primary Domain

Controller</PrimaryServer>

<SecondaryServer>IP Address of Secondary Domain Controller</SecondaryServer>

<ssl>false</ssl>

<ShadowPassword>false</ShadowPassword>

<CaseSensitiveUserName>false</CaseSensitiveUserName>

<!-- provide SearchBase if full name and email attribute are to be

synchronized

between ActiveDirectory and the database.-->

<SearchBase>DC=domain extension1,DC=domain extension2,DC=COM</SearchBase>

<FullNameAttribute>displayName</FullNameAttribute>

</ActiveDirectory>