Management and Configuration Guide (Includes ACM xl) 2005-12
5-10 ProCurve Secure Access 700wl Series Management and Configuration Guide
Configuring Authentication
Depending on the configuration of your LDAP server, you can configure the 700wl Series system to
either retrieve the user’s password from the LDAP directory and then authenticate the user, or have the
LDAP directory server do the authentication. The type of authentication you want to do determines the
method you use to establish a session with the LDAP server. Establishing a session is known as binding
to the server.
The bind methods you can use will be dictated by the configuration of your LDAP server.
• Non-User Binding allows the 700wl Series system to bind to the directory service either
anonymously, or using the root Distinguished Name (DN) and password, and retrieve the user’s
password. The 700wl Series system then authenticates the user.
• User Binding specifies that the 700wl Series system should bind to the directory service as if it were
the user, presenting the user’s DN and password. The directory service then authenticates the user.
The bind method you select determines what fields you see on the bottom part of the LDAP
configuration page.
The 700wl Series system also retrieves group identity information for the user from the LDAP server.
This can be done in two ways.
• If group identity information is included in the same record as the rest of the user information, you
need to provide the name of the attribute that contains this information.
• If group identity information is kept in a separate record, you can specify a second search string to
retrieve the group membership in a second operation.
You will need to know the following information about your LDAP database:
• The base Distinguished Name for your database
• The attribute that contains the user logon name
• The attribute that contains the user password, if you are doing a non-user bind, and the method of
encryption that the database uses to encrypt the password
• The bind string that defines the user Distinguished Name, if you are using user binding
• The attribute that contains the group membership identity information, if it is kept in the user
record
• The search string to find group membership information if it is kept in a separate record
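The two bind methods and the two group lookups described above, worked through in code. This is an added example, not code from the ProCurve guide or the 700wl product: the LDAP server is replaced by a constructed in-memory directory (the names alice, bob, staff, the Base DN dc=example,dc=com, the bind string uid=%s,ou=people,... and the password values are all made up), so it runs offline. What it shows is the part the guide's "method of encryption" requirement refers to: with Non-User Binding the access controller reads the userPassword attribute itself and must understand the RFC 2307 storage schemes ({SSHA}, {SHA}, clear text) to compare it, whereas with User Binding it only builds the user's DN from the bind string and lets the directory check the password. The DN-escaping helper is an assumption of good practice (RFC 4514), not something the page states the product does.

```python
import base64
import hashlib
import hmac

# Constructed stand-in for an LDAP directory: DN -> attributes. A real
# deployment queries the LDAP server; this models only the records the two
# bind flows and the two group lookups need.
BASE_DN = "dc=example,dc=com"

def make_ssha(password, salt=b"\x01\x02\x03\x04"):
    """Build an RFC 2307 {SSHA} userPassword value: base64(sha1(pw + salt) + salt)."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

DIRECTORY = {
    "uid=alice,ou=people," + BASE_DN: {
        "uid": "alice",
        "userPassword": make_ssha("correct horse"),
        "memberOf": ["cn=staff,ou=groups," + BASE_DN],  # group kept in the user record
    },
    "uid=bob,ou=people," + BASE_DN: {  # unsalted {SHA} scheme
        "uid": "bob",
        "userPassword": "{SHA}" + base64.b64encode(hashlib.sha1(b"hunter2").digest()).decode(),
    },
    "cn=staff,ou=groups," + BASE_DN: {  # group kept in a separate record
        "cn": "staff",
        "member": ["uid=alice,ou=people," + BASE_DN],
    },
}

def verify_stored_password(stored, candidate):
    """Compare a candidate password with a userPassword value.
    Handles RFC 2307 {SSHA}, {SHA} and clear text; this is the 'method of
    encryption' you must know when the access controller, not the directory,
    performs the comparison (Non-User Binding)."""
    want = candidate.encode()
    if stored.startswith("{SSHA}"):
        raw = base64.b64decode(stored[len("{SSHA}"):])
        digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes, salt follows
        return hmac.compare_digest(hashlib.sha1(want + salt).digest(), digest)
    if stored.startswith("{SHA}"):
        raw = base64.b64decode(stored[len("{SHA}"):])
        return hmac.compare_digest(hashlib.sha1(want).digest(), raw)
    if stored.startswith("{CLEARTEXT}"):
        stored = stored[len("{CLEARTEXT}"):]
    return hmac.compare_digest(stored.encode(), want)

def escape_dn_value(value):
    """Escape an attribute value for use inside a DN (RFC 4514) so that a
    logon name cannot add extra RDN components to the bind string (assumed practice)."""
    out = value.replace("\\", "\\\\")
    for ch in ',+"<>;=':
        out = out.replace(ch, "\\" + ch)
    if out.startswith(("#", " ")):
        out = "\\" + out
    if out.endswith(" "):
        out = out[:-1] + "\\ "
    return out

def find_user_dn(username, username_field="uid"):
    """Search below the Base DN for the record whose username field matches."""
    for dn, attrs in DIRECTORY.items():
        if dn.endswith(BASE_DN) and attrs.get(username_field) == username:
            return dn
    return None

def non_user_bind_authenticate(username, password, password_field="userPassword"):
    """Non-User Binding: bind anonymously or as the root DN, read the user's
    password attribute, and let the access controller do the comparison."""
    dn = find_user_dn(username)
    if dn is None:
        return False
    stored = DIRECTORY[dn].get(password_field)
    return stored is not None and verify_stored_password(stored, password)

def user_bind_authenticate(username, password, bind_string="uid=%s,ou=people," + BASE_DN):
    """User Binding: build the user's DN from the bind string and bind as that
    DN; the directory does the check (modelled here by the server-side compare)."""
    dn = bind_string % escape_dn_value(username)
    entry = DIRECTORY.get(dn)
    return entry is not None and verify_stored_password(entry["userPassword"], password)

def groups_from_user_record(username, group_field="memberOf"):
    """Group identity kept in the user's own record: read one attribute."""
    dn = find_user_dn(username)
    return list(DIRECTORY[dn].get(group_field, [])) if dn else []

def groups_by_second_search(username, group_base="ou=groups," + BASE_DN):
    """Group identity kept in separate records: a second search for group
    entries whose member attribute names the user's DN, i.e. (member=<userDN>)."""
    dn = find_user_dn(username)
    if dn is None:
        return []
    return [gdn for gdn, attrs in DIRECTORY.items()
            if gdn.endswith(group_base) and dn in attrs.get("member", [])]
```

The design point to notice is where the secret material ends up: the Non-User Binding path hands the access controller a root DN credential (or anonymous read access) and the users' password attributes, so that flow is only as safe as the controller and the directory's read ACLs; the User Binding path keeps the comparison on the directory and only needs the bind string to be built safely.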
The information required to configure an LDAP service for authentication is defined in the following
tables. Table 5-3 defines the fields on the top part of the page:
Table 5-3. LDAP Authentication Configuration Options, Top Part of the Page
Field/Option: Description
Name: Your name for this authentication method. You can use any alphanumeric string as the name.
Server: The Fully Qualified Domain Name (FQDN) or IP address of the server running the LDAP service.
Port: The UDP Port for LDAP (default is 389).
Base DN (Distinguished Name): The base Distinguished Name (DN) to be appended to the username.
Username Field: The name of the field (attribute) in the database that holds the username to be matched. The default is uid.