Manualshelf

HP Storage Essentials SRM 6.0 User Guide for Enterprise Edition and Standard Edition SRM Software (July 2008)

ManualsBrandsHP ManualsSoftwareHP Storage Essentials SRM Standard Edition-to-Enterprise Edition Upgrade E-LTU
191192193194195196197198199200
Managing Security158
Configuring the Management Server to Use Active Directory
By default, AD allows connections with domain\username, instead of with the distinguished name
(DN) used by a generic LDAP server. However, you can use the generic LDAP server setup to
authenticate with AD, as described in ”Configuring the Management Server to Use LDAP” on
page 161.
To specify the management server to use AD:
1. Before switching to AD authentication mode, the management server needs to be configured
with a designated AD user and other AD-specific credentials. At startup, the designated AD user
is mapped to the built-in Admin user and overrides it with the AD user information.
IMPORTANT: Make sure the administrator account has already been created in AD before
you add it to the login-handler.xml file.
a. On the management server look in one of the following locations:
Windows: %MGR_DIST%\Data\Configuration
UNIX systems: $MGR_DIST/Data/Configuration
b. In the login-handler.xml file, change the value of the <AdminAccountName> tag to
the name of a user account in AD, as shown in the following example:
<AdminAccountName>domain\PrimaryUser</AdminAccountName>
where PrimaryUser is the name of the user account that is designated as the
primary user in AD.
For security reasons, it is recommended that the designated user not be the AD Domain
Administrator
2. In the login-handler.xml file, comment out the section that contains
com.appiq.security.server.BasicLoginhandler, which enables internal
authentication mode. Only one login handler is allowed at a time.
<!--LoginHandlerClass>com.appiq.security.server.BasicLoginHandler</LoginHan
dlerClass-->
3. Comment out the <LoginHandlerType>Default</LoginHandlerType> tag as follows:
<!--LoginHandlerType>Default</LoginHandlerType-->
4. Uncomment the line containing the class name and login handler type so that it appears as
follows:
<LoginHandlerClass>com.appiq.security.server.ActiveDirectoryLoginHandler</L
oginHandlerClass>
<LoginHandlerType>ActiveDirectory</LoginHandlerType>
5. Replace directory.hp.com with the IP address or the fully qualified DNS name of your
primary Domain Controller server in the login-handler.xml file, as shown in the following
example:
<PrimaryServer port="389">192.168.10.1</PrimaryServer>
where
192.168.10.1 is the IP address of the primary Domain Controller server running AD.
389 is the port on which AD is running on the server.