XYGATE® User Authentication™ (XUA) 1.85 Reference Manual
Chapter 12. Configuring the LDAP Interface
XYPRO Technology Corporation 73 Proprietary and Confidential
(Item 8):
If you would like to encrypt communications between XUA and the LDAP server,
specify the unqualified name of the certificate file.
Enter unqualified certificate file name <press Enter if none>?mycert
Enter the unqualified certificate filename if you will be using SSL encryption to
communicate with the LDAP server. Whether LDAP communication uses SSL is determined
by the presence of a value for this keyword, not by the port value.
Pressing Enter without entering a value means there will be no encryption.
The certificate file should be an unstructured file containing the certificate in PEM
format. If the certificate is not self-signed, the certificates of the signing authorities in
PEM format should also be copied into this file. If you will be configuring multiple LDAP
authentication points, all the required certificates can be combined into this single file.
The corresponding UACONF keyword is LDAP_PROXY_CACERT.
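The following added example (not part of the XUA manual or product) checks a PEM bundle for the condition described above: every certificate that is not self-signed must have its signing authority's certificate in the same file. The helper names and the sample bundle are assumptions constructed for illustration; the check compares issuer and subject names only and does not verify signatures.

```python
import base64
import re

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_subject(der):
    """Return the raw DER issuer and subject Names of one certificate."""
    _, pos, _ = tlv(der, 0)            # Certificate SEQUENCE
    _, pos, _ = tlv(der, pos)          # tbsCertificate SEQUENCE
    tag, _, end = tlv(der, pos)
    pos = end if tag == 0xA0 else pos  # skip the optional [0] version
    fields = []
    for _ in range(5):                 # serial, sigAlg, issuer, validity, subject
        _, _, end = tlv(der, pos)
        fields.append(der[pos:end])
        pos = end
    return fields[2], fields[4]

def missing_issuers(pem_bytes):
    """Issuer Names that no certificate in the bundle carries as its subject."""
    pairs = [issuer_subject(base64.b64decode(b)) for b in PEM_RE.findall(pem_bytes)]
    subjects = {s for _, s in pairs}
    # issuer == subject is treated as self-signed; signatures are not verified.
    return [i for i, s in pairs if i != s and i not in subjects]

# Constructed sample input: structural stand-ins, not real certificates.
def enc(tag, body):
    return bytes([tag, len(body)]) + body  # short-form DER lengths only

def make_name(cn):
    return enc(0x30, enc(0x31, enc(0x30, b"\x06\x03\x55\x04\x03" + enc(0x0C, cn))))

def make_pem(issuer, subject):
    tbs = enc(0x30, b"\xa0\x03\x02\x01\x02" + enc(0x02, b"\x01") + enc(0x30, b"")
              + make_name(issuer) + enc(0x30, b"") + make_name(subject))
    der = base64.encodebytes(enc(0x30, tbs))
    return b"-----BEGIN CERTIFICATE-----\n" + der + b"-----END CERTIFICATE-----\n"

ROOT, SERVER = b"Constructed Root CA", b"ldap.example.test"
INCOMPLETE = make_pem(ROOT, SERVER)             # server certificate only
COMPLETE = INCOMPLETE + make_pem(ROOT, ROOT)    # plus its signing authority
print(len(missing_issuers(INCOMPLETE)), len(missing_issuers(COMPLETE)))
```

To check a real bundle, pass the bytes of the certificate file to `missing_issuers`; an empty list means every issuer named in the file is also present as a subject.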
(Item 9):
What is the LDAP server port number <636>?
The default port value will usually be the correct answer. Port 636 is the standard
LDAP authentication port for SSL-encrypted communication. Port 389 is the standard
LDAP authentication port for clear-text communication.
Your configuration does not have to use the standard port values, but the LDAP server
used for authentication must be configured to receive authentication
requests on the configured port.
The corresponding UACONF keyword is LDAP_PORT.
(Item 10):
Would you like to add another LDAP Group (Y/N)? Y
Multiple LDAP authentication points, each with its own set of configuration values
and identified by an LDAP group name, are supported. Answer Y to this question if you
wish to configure an additional LDAP authentication point; otherwise, enter N.
(Item 11):
Since more than one LDAP group is to be configured, the already
configured group of LDAP specific keywords needs to be labeled with
a value that users 'may' need to specify to indicate which
LDAP group to use when authenticating.
The value must be unique for each set of configured LDAP specific
keywords, is not case-sensitive, and cannot be > 50 characters.
Enter LDAP group value <LD1>?
This prompt will only appear if multiple LDAP authentication points are being
configured. Enter a name for the LDAP authentication point. This value is what the