XYGATE User Authentication Reference Manual
XYGATE® User Authentication™ (XUA) 1.85 Reference Manual
Chapter 12. Configuring the LDAP Interface 
XYPRO Technology Corporation  81  Proprietary and Confidential 
Chapter 15, “Mapping NonStop IDs to Alternative Authentication Databases” starting 
on page 129 for complete information on mapping. 
Important! When a Guardian user name is used for mapping, it should be specified in 
uppercase format. For example, specify TECH.OPER1 instead of tech.oper1. 
Example 1: Sample UAGROUP with mapping, if LDAP_BIND_NAME in UACONF 
ACLGROUP $TECH-IDS TECH.* 
ACLGROUP $APPL-IDS APPL.* underlying:111,* 
ACLGROUP $QA-IDS alias:"qa*" 
ACLGROUP $EVERYONE *.* alias:"*" 
UAGROUP AD-AUTHENTICATE 
 ! Strips off GROUP names to create LDAP Account Names 
 FROM_USER $EVERYONE 
 TO_USER $TECH-IDS $APPL-IDS $QA-IDS 
 LDAP_AUTHENTICATE ON 
 MAP re:"^TECH\." delete exit 
 MAP re:"^APPL\." delete exit 
 MAP re:"^qa-" delete exit  
 MAP re:"^control-" delete exit 
UAGROUP EVERYONE-ELSE 
 FROM_USER $EVERYONE 
 TO_USER $EVERYONE 
 LDAP_AUTHENTICATE OFF 
In this example, the logon names of the users specified in the AD-AUTHENTICATE
UAGROUP are mapped to Windows Active Directory User Account names by the
MAP keyword sequences. Based on this UAGROUP, if user TECH.OPER1 logs on
to the NonStop server, the name is mapped to OPER1 in the AD database. If the
LDAP_BIND_NAME keyword is specified in the UACONF file, its value is appended to
the mapped name to create a userid such as OPER1@MYCOMPANY.LOCAL. The
password of the OPER1@MYCOMPANY.LOCAL User Account is then checked in the
Windows Active Directory database.
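The following Python sketch is an added example, not XYPRO code. It models the Example 1 mapping so an administrator can check a list of logon names for two risks before deployment: distinct NonStop IDs that resolve to the same AD account, and names that match no MAP entry. Assumptions: matching is case-sensitive, "exit" stops further MAP processing, the LDAP_BIND_NAME value is "@MYCOMPANY.LOCAL", and unmatched names still receive the suffix.

```python
import re
from collections import defaultdict

# Rules modelled on the AD-AUTHENTICATE UAGROUP in Example 1:
# (pattern, stop_after_match). Each rule deletes the matched text.
MAP_RULES = [
    (r"^TECH\.", True),
    (r"^APPL\.", True),
    (r"^qa-", True),
    (r"^control-", True),
]

# Assumed LDAP_BIND_NAME value, inferred from OPER1@MYCOMPANY.LOCAL.
BIND_SUFFIX = "@MYCOMPANY.LOCAL"


def map_logon(name, rules=MAP_RULES, suffix=BIND_SUFFIX):
    """Return (bind_name, matched) for one NonStop logon name."""
    matched = False
    for pattern, stop in rules:
        new_name, hits = re.subn(pattern, "", name, count=1)
        if hits:
            name, matched = new_name, True
            if stop:  # "exit": skip the remaining MAP entries (assumed)
                break
    return name + suffix, matched


def audit(logons):
    """Group logon names by bind name; report collisions and misses."""
    by_account = defaultdict(list)
    unmatched = []
    for logon in logons:
        bind_name, matched = map_logon(logon)
        by_account[bind_name].append(logon)
        if not matched:
            unmatched.append(logon)
    collisions = {a: n for a, n in by_account.items() if len(n) > 1}
    return collisions, unmatched


if __name__ == "__main__":
    # Constructed sample logon names, not taken from a real system.
    sample = ["TECH.OPER1", "APPL.OPER1", "qa-build", "tech.oper1"]
    collisions, unmatched = audit(sample)
    print("shared AD accounts:", collisions)
    print("matched no MAP rule:", unmatched)
```

With the constructed sample, TECH.OPER1 and APPL.OPER1 both resolve to OPER1@MYCOMPANY.LOCAL, and the lowercase tech.oper1 is reported as unmatched under the case-sensitive assumption.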
The LDAP_BIND_NAME keyword is not required in UACONF. The domain name can
also be attached by mapping the entry in the UAACL file with the APPEND
operator, as shown in the example below:
Example 2: Sample UAGROUP with mapping, if LDAP_BIND_NAME not in UACONF 
ACLGROUP $TECH-IDS TECH.* 
ACLGROUP $APPL-IDS APPL.* underlying:111,* 
ACLGROUP $QA-IDS alias:"qa*" 
ACLGROUP $EVERYONE *.* alias:"*" 
UAGROUP LDAP-AUTHENTICATE 
 ! Strips off GROUP names to create LDAP Account Names and adds the  
 ! domain name to fully qualify the user account 
 LDAP_AUTHENTICATE ON 
 MAP re:"^TECH\." delete  
 MAP re:"^APPL\." delete  
 MAP re:"^qa-" delete  










