Installation Manual

Managing Security 370
"Step 1 — Configure the Management Server to Use AD or LDAP" on page 369
"Step 2 — Restart the AppStorManager Service and Login as the Designated Admin Account" on page 376
"Step 3 — Add Users to the Management Server" on page 377
"Step 4 — Provide Login Information to Your Users" on page 377
Step 1 — Configure the Management Server to Use AD or LDAP
If you want to use AD/LDAP, you must modify the login-handler.xml file. How you modify the login-handler.xml file depends on whether you plan to use AD or LDAP.
To configure the management server:
To use AD, see "Configuring the Management Server to Use Active Directory" on page 369
To use LDAP, see "Configuring the Management Server to Use LDAP" on page 373
Configuring the Management Server to Use Active Directory
By default, AD allows connections with domain\username, instead of with the distinguished name (DN) used by a generic LDAP server. However, you can use the generic LDAP server setup to authenticate with AD, as described in "Configuring the Management Server to Use LDAP" on page 373.
To configure the management server to use AD:
1. Before switching to AD authentication mode, the management server needs to be configured
with a designated AD user and other AD-specific credentials. At startup, the designated AD
user is mapped to the built-in Admin user and overrides it with the AD user information.
IMPORTANT: Make sure the administrator account has already been created in AD before
you add it to the login-handler.xml file.
a. On the management server, locate the login-handler.xml file in one of the following directories:
Windows: %MGR_DIST%\Data\Configuration
UNIX systems: $MGR_DIST/Data/Configuration
b. In the login-handler.xml file, change the value of the <AdminAccountName> tag to
the name of a user account in AD, as shown in the following example:
<AdminAccountName>domain\PrimaryUser</AdminAccountName>
where PrimaryUser is the name of the user account that is designated as the primary user in AD.
For security reasons, it is recommended that the designated user not be the AD Domain Administrator.
2. In the login-handler.xml file, comment out the section that contains com.appiq.security.server.BasicLoginHandler, which enables internal authentication mode. Only one login handler is allowed at a time.
<!--LoginHandlerClass>com.appiq.security.server.BasicLoginHandler</LoginHandlerClass-->
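Two of the conditions above are easy to get wrong by hand: exactly one LoginHandlerClass must remain active after the internal handler is commented out, and the AdminAccountName should be a domain\username that is not the Domain Administrator. The following script is an added example for checking an edited login-handler.xml before restarting the service; it is not part of the manual or the product. It assumes the file has a single root element (called LoginHandlers here) with AdminAccountName and LoginHandlerClass as child elements; only those two tag names and the BasicLoginHandler class come from the manual, and "PLACEHOLDER.AdLoginHandler" is a placeholder for whichever handler class the manual specifies for AD mode.

```python
"""Sanity checks for login-handler.xml after switching it to AD mode.

Added example, not part of the manual or the product. Assumptions: a single
root element (<LoginHandlers> here), with <AdminAccountName> and
<LoginHandlerClass> as child elements. Only those two tag names and the
BasicLoginHandler class name come from the manual.
"""
import xml.etree.ElementTree as ET

# Internal-authentication handler named in the manual (must be commented out in AD mode).
BASIC_HANDLER = "com.appiq.security.server.BasicLoginHandler"

# Constructed sample: the file after both edits (internal handler commented out,
# AD admin account set). "PLACEHOLDER.AdLoginHandler" stands in for whatever
# handler class the manual specifies for AD; it is not a real class name.
SAMPLE_AD_MODE = """<?xml version="1.0" encoding="UTF-8"?>
<LoginHandlers>
  <AdminAccountName>EXAMPLE\\PrimaryUser</AdminAccountName>
  <!--LoginHandlerClass>com.appiq.security.server.BasicLoginHandler</LoginHandlerClass-->
  <LoginHandlerClass>PLACEHOLDER.AdLoginHandler</LoginHandlerClass>
</LoginHandlers>
"""

# Constructed sample: a half-finished edit where step 2 was skipped, so both
# handlers are active, and the admin account is the domain Administrator.
SAMPLE_BAD = """<?xml version="1.0" encoding="UTF-8"?>
<LoginHandlers>
  <AdminAccountName>EXAMPLE\\Administrator</AdminAccountName>
  <LoginHandlerClass>com.appiq.security.server.BasicLoginHandler</LoginHandlerClass>
  <LoginHandlerClass>PLACEHOLDER.AdLoginHandler</LoginHandlerClass>
</LoginHandlers>
"""


def active_login_handlers(xml_text):
    """Return class names of LoginHandlerClass elements that are not commented out.

    ElementTree discards XML comments while parsing, so a handler wrapped in
    <!-- ... --> simply does not show up here.
    """
    root = ET.fromstring(xml_text)
    return [(el.text or "").strip() for el in root.iter("LoginHandlerClass")]


def admin_account_name(xml_text):
    """Return the AdminAccountName value, or "" if the element is missing."""
    root = ET.fromstring(xml_text)
    el = root.find(".//AdminAccountName")
    return (el.text or "").strip() if el is not None else ""


def check_ad_config(xml_text):
    """Return a list of problems; an empty list means all checks passed."""
    problems = []
    handlers = active_login_handlers(xml_text)
    if len(handlers) != 1:
        problems.append(
            f"expected exactly one active LoginHandlerClass, found {len(handlers)}")
    if BASIC_HANDLER in handlers:
        problems.append("internal-auth handler BasicLoginHandler is still active")
    account = admin_account_name(xml_text)
    if "\\" not in account:
        problems.append("AdminAccountName must be in domain\\username form")
    else:
        user = account.split("\\", 1)[1]
        # Heuristic: the built-in domain admin account is normally named
        # "Administrator"; the manual recommends not designating it.
        if user.lower() == "administrator":
            problems.append("AdminAccountName is the domain Administrator account")
    return problems


if __name__ == "__main__":
    import sys
    # Pass the real path (e.g. $MGR_DIST/Data/Configuration/login-handler.xml)
    # as the first argument; without one, the constructed sample is checked.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE_AD_MODE
    for line in check_ad_config(text) or ["OK"]:
        print(line)
```

Run it against the real file before step 2 of the next procedure (restarting the AppStorManager service): a non-empty output means the edit left the file in a state the manual warns against.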