XYGATE User Authentication Reference Manual
XYGATE® User Authentication™ (XUA) 1.85 Reference Manual
Chapter 12. Configuring the LDAP Interface
XYPRO Technology Corporation  Proprietary and Confidential
 User Expires   : * None * 
 Password Expires  : * None * 
 Password May Change : * None * 
 Password Must Change : Every 90 days 
 Password Expiry Grace : 21 days 
 Last Logon    : 2006-09-13 13:42:13.162144 
 Last Unsuccessful Lgn : 2007-01-16 10:46:22.574923 
 Fail count    : 13 
 Static fail count  : 121 
 Frozen/Thawed   : Thawed 
 Last Modification Time: 2007-01-16 10:46:22.574923 
UAGROUP LDAP-AUTHENTICATE Replying with access NO 
UAGROUP AUTHENTICATE Outcome is LDAP-PASSWORD-WRONG 
SEEP return 00000,00020,00000 Delay 00001,00060 
Access result - NO using GROUP LDAP-AUTHENTICATE 
In the above example, alias qa-LDAP8jxj was mapped to userid ldap8jxj based on 
the mapping configuration of the LDAP_AUTHENTICATE UAGROUP. The status of 
the alias account was checked with Safeguard. In this case, the mapping was used, 
but LDAP authentication failed due to an invalid password. 
12.10  Configuring LDAP Lookup option 
XYGATEUA can be configured to look up (LOOKUP) the userid information, including 
the domain name and so on, in the LDAP database. 
In the example below, XYGATEUA looks up the userid information in the LDAP 
database, using the user "myldapuser" as the search user. XYGATEUA gets the 
password for the search user from the LDAPPASS file, which is present in the 
XYGATEUA installation. 
Example 1: Sample UAGROUP with LOOKUP and user mapping  
UAGROUP LDAP-LOOKUP-AUTHENTICATE 
 DESCRIPTION "LDAP using DN with LOOKUP ON" 
 FROM_USER $EVERYONE 
 TO_USER  XYPRO.ADMIN ALIAS:"admin1" ALIAS:"admin2" 
 LDAP_AUTHENTICATE ON 
 LDAP_LOOKUP      ON 
 Map "^XYPRO.ADMIN$" replace "admin@xypro-23.local" 
 LDAP_USERS_CONTAINER    "dc=company-23,dc=local" 
 LDAP_LOOKUP_ATTRIBUTE   "samaccountname" 
 LDAP_DN_ATTRIBUTE    "dn" 
 LDAP_SEARCH_USER "myldapuser" 
 AUDIT_ACCESS_PASS OFF 
 AUDIT_ACCESS_FAIL ON 
UAGROUP EVERYONE-ELSE 
 FROM_USER $EVERYONE 
 TO_USER $EVERYONE 
 LDAP_AUTHENTICATE OFF 
The UAGROUP LDAP-LOOKUP-AUTHENTICATE also uses the mapping option. 
When the user XYPRO.ADMIN logs on, the userid is converted to admin. The mapping 
feature lets users continue to use their existing NonStop userid to log on. 
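The following is an added example, not taken from the manual or from XYGATE code: a small audit that extracts the MAP lines from a UAGROUP file and probes whether a pattern also matches names other than the intended userid. It assumes MAP patterns behave like standard regular expressions, as the ^ and $ anchors suggest; parse_maps, unintended_matches and the sample text are hypothetical.

```python
import re

# Constructed sample modelled on Example 1; the curly quotes mimic text
# pasted from a PDF and are normalised before parsing.
SAMPLE = """\
UAGROUP LDAP-LOOKUP-AUTHENTICATE
 FROM_USER $EVERYONE
 TO_USER XYPRO.ADMIN ALIAS:"admin1" ALIAS:"admin2"
 LDAP_AUTHENTICATE ON
 LDAP_LOOKUP ON
 Map \u201c^XYPRO.ADMIN$\u201d replace \u201cadmin@xypro-23.local\u201d
UAGROUP EVERYONE-ELSE
 FROM_USER $EVERYONE
 TO_USER $EVERYONE
 LDAP_AUTHENTICATE OFF
"""

QUOTES = str.maketrans({"\u201c": '"', "\u201d": '"'})
MAP_LINE = re.compile(r'^\s*MAP\s+"([^"]*)"\s+REPLACE\s+"([^"]*)"\s*$',
                      re.IGNORECASE)

def parse_maps(text):
    """Return (uagroup, pattern, replacement) for each MAP line."""
    group, found = None, []
    for line in text.translate(QUOTES).splitlines():
        words = line.split()
        if len(words) >= 2 and words[0].upper() == "UAGROUP":
            group = words[1]          # MAP lines belong to the current group
        m = MAP_LINE.match(line)
        if m:
            found.append((group, m.group(1), m.group(2)))
    return found

def unintended_matches(pattern, intended):
    """Probe names that differ from `intended` but still match `pattern`.

    Assumption: MAP patterns follow ordinary regex search semantics.
    """
    probes = ["X" + intended, intended + "X"]         # missing ^ or $
    probes += [intended[:i] + "X" + intended[i + 1:]  # '.' acting as wildcard
               for i, c in enumerate(intended) if c == "."]
    rx = re.compile(pattern)
    return [p for p in probes if rx.search(p)]

if __name__ == "__main__":
    for group, pattern, replacement in parse_maps(SAMPLE):
        extra = unintended_matches(pattern, "XYPRO.ADMIN")
        print(group, pattern, "->", replacement, "also matches:", extra)
```

Under that assumption, writing the pattern as ^XYPRO\.ADMIN$ limits the mapping to the one intended userid.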










