Manualshelf

HP Storage Essentials V5.1 User Guide Second Edition (Linux Release) (T4283-96056, November 2006)

ManualsBrandsHP ManualsSoftwareHP Storage Essentials SRM Global Report Manager 50 MAP Tier-2 E-LTU
201202203204205206207208209210
Managing Security170
1. Before switching to Active Directory (AD) authentication mode, the management server needs to
be configured with a designated Active Directory user and other AD specific credentials. At
startup, the designated Active Directory user is mapped to the built-in “admin” user and
overrides it with the Active Directory user information.
IMPORTANT: Make sure the administrator account has already been created in Active
Directory before you add it to the login-handler.xml file.
a. On the management server look in one of the following locations:
Windows: %MGR_DIST\Data\Configuration
UNIX systems: $MGR_DIST/Data/Configuration
NOTE: If you want to go back and forth between internal and external (AD/LDAP)
authentication, rename the login-handler.xml file before you modify it. This way you
can easily switch back to internal authentication by changing the file name back to
login-handler.xml.
b. In the login-handler.xml file, change the value of the <AdminAccountName> tag to
the name of a user account in Active Directory, as shown in the following example:
<AdminAccountName>domain\PrimaryUser</AdminAccountName>
where PrimaryUser is the name of the user account that is designated as the primary user in
Active Directory.
Keep in mind the following:
For security reasons, it is recommended that the designated user not be the AD Domain
Administrator
If you are using Active Directory, prefix the user name with the domain name, for example:
domain\
PrimaryUser
2. In the login-handler.xml file, comment out the section that contains
com.appiq.security.server.BasicLoginhandler, which enables internal
authentication mode. Only one login handler is allowed at a time.
<!--LoginHandlerClass>com.appiq.security.server.BasicLoginHandler</LoginHan
dlerClass-->
3. Comment out the <LoginHandlerType>Default</LoginHandlerType> tag as follows:
<!--LoginHandlerType>Default</LoginHandlerType-->
4. Uncomment the line containing the class name and login handler type so that it appears as
follows:
<LoginHandlerClass>com.appiq.security.server.ActiveDirectoryLoginHan
dler</LoginHandlerClass>
<LoginHandlerType>ActiveDirectory</LoginHandlerType>
5. Replace directory.hp.com with the IP address or the fully qualified DNS name of your
primary Domain Controller server in the login-handler.xml file, as shown in the following
example:
<PrimaryServer port="389">192.168.10.1</PrimaryServer>