XYGATE® User Authentication™ Reference Manual
Appendix B: The UAACL File
XYPRO Technology Corporation 269 Proprietary and Confidential
B25: LDAP_AUTHENTICATE
The LDAP_AUTHENTICATE keyword value determines whether the authentication
request is sent to the LDAP server, and in what manner.
Syntax:
LDAP_AUTHENTICATE {ON | OFF | OPTIONAL}
ON – Users’ passwords and network IDs are verified by LDAP.
If the LDAP server cannot verify the network ID and password because the
LDAP server is non-responsive or the network communication is down,
the logon request is denied.
OFF – If both the UACONF and UAACL have this keyword set to OFF, users are
authenticated only by Safeguard, not by LDAP. If the keyword is present in both
files and the values differ, the value in the UAACL takes precedence.
When the XUA_LDAP_INSTALL macro (page 70) is run as the initial step in
configuring the LDAP interface, the answer to the prompt "Do you want to use LDAP
authentication for all NonStop users?" creates an entry in the UACONF file. This
entry can be changed at any time by editing the UACONF file directly.
OPTIONAL – If communication with the LDAP server is successful, LDAP-controlled
password verification is invoked as if the value were ON. If the LDAP server is
unavailable, however, the authentication (password verification) is diverted to
Safeguard instead of being denied, as it would be with the ON setting. The
OPTIONAL setting may be beneficial when implemented in the UAACL for a specific
group of users who require LDAP authentication yet need access to the NonStop
server even if the network is down. The users’ NonStop passwords must be
maintained and remembered for such cases.
If present in a UAGroup, this keyword’s value overrides the one in the UACONF file.
If this keyword is omitted, the value in the UACONF file is used.
Example: How to specify users who should be authenticated via LDAP
UAGROUP OPERATORS
Description "All operators authenticated with network password"
LDAP_AUTHENTICATE ON
!Selection Criteria:
FROM_USER $EVERYONE
TO_USER $OPERATORS
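
The following Python sketch is an added example, not XYPRO code or part of the manual: it reads UAACL and UACONF text, applies the override rule described above, and reports who would verify each UAGroup's passwords during an LDAP outage. It assumes the file layout shown in the example above and that the UACONF carries the same keyword line; the BREAKGLASS and BATCH groups are hypothetical, and because the page states no default for the case where neither file sets the keyword, that case is reported as UNSPECIFIED.

```python
import re
# Constructed sample input in the layout of this page's UAGROUP example;
# BREAKGLASS, BATCH and their $-names are hypothetical.
SAMPLE_UAACL = """\
UAGROUP OPERATORS
LDAP_AUTHENTICATE ON
!Selection Criteria:
FROM_USER $EVERYONE
TO_USER $OPERATORS
UAGROUP BREAKGLASS
LDAP_AUTHENTICATE OPTIONAL
FROM_USER $EVERYONE
TO_USER $BREAKGLASS
UAGROUP BATCH
FROM_USER $EVERYONE
TO_USER $BATCH
"""
SAMPLE_UACONF = "LDAP_AUTHENTICATE OFF\n"  # assumption: same keyword line as in UAACL

KEYWORD = re.compile(r"^\s*LDAP_AUTHENTICATE\s+(ON|OFF|OPTIONAL)\s*$", re.I | re.M)

def conf_value(text):
    m = KEYWORD.search(text)
    return m.group(1).upper() if m else None

def group_values(uaacl):
    """Map each UAGROUP name to its own LDAP_AUTHENTICATE value (None if omitted)."""
    groups, current = {}, None
    for line in uaacl.splitlines():
        head = re.match(r"^\s*UAGROUP\s+(\S+)", line, re.I)
        m = KEYWORD.match(line)
        if head:
            current = head.group(1)
            groups[current] = None
        elif m and current:
            groups[current] = m.group(1).upper()
    return groups

def outcome(group_value, conf, ldap_up):
    """Who verifies the password: 'LDAP', 'SAFEGUARD', 'DENY' or 'UNSPECIFIED'."""
    effective = group_value or conf            # UAGroup value overrides UACONF
    if effective is None:
        return "UNSPECIFIED"                   # keyword set in neither file
    if effective == "OFF" or (effective == "OPTIONAL" and not ldap_up):
        return "SAFEGUARD"                     # local NonStop password is used
    return "LDAP" if ldap_up else "DENY"       # ON fails closed when LDAP is down

def outage_report(uaacl, uaconf):
    conf = conf_value(uaconf)
    return {g: outcome(v, conf, ldap_up=False) for g, v in group_values(uaacl).items()}
```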