XYGATE User Authentication Reference Manual
XYPRO Technology Corporation 59 Proprietary and Confidential
Chapter 12. Configuring the LDAP Interface
XYGATEUA interfaces to Windows Active Directory and OpenLDAP to enable a single
sign-on scheme for the HP NonStop platform. This chapter describes the steps
required to configure the LDAP interface.
Single sign-on in general provides an employee with a single userid that is valid on
multiple platforms. This allows the userid to match defined corporate standards, such
as an employee number. Because such userids are unlikely to fit the NonStop server’s
userid naming conventions, the only way to implement single sign-on on this platform
is with aliases.
If the use of aliases is not desired and the NonStop userids do not exactly match
userids on other platforms, the users may still benefit from using the LDAP interface. In
this case, the users will have to know their NonStop userid, but the users’ passwords
are maintained only within the LDAP database and used for NonStop authentication.
12.1 Configuration Steps
To configure the LDAP interface, there are five basic steps:
1. Prepare the NonStop system for authentication via LDAP (section 12.3).
2. Review the considerations for LDAP configuration (section 12.4).
3. Run the XUA_LDAP_INSTALL host macro to prepare XUA for communication with
the LDAP server (section 12.5).
4. Edit the UAACL file to implement the LDAP authentication and mapping
(section 12.8).
5. Test the XUA interface to the LDAP server and user name mapping (section 12.9).