Management and Configuration Guide (Includes ACM xl) 2005-12

ProCurve Secure Access 700wl Series Management and Configuration Guide 5-11
Configuring Authentication
Table 5-3. LDAP Authentication Configuration Options, Top Part of the Page
Field/Option Description

Use a secure connection (SSL) (check box)
    Select this option to communicate with the LDAP server using SSL. This is
    recommended if you use any of the following options, because each of them
    moves the user password across the network between the 700wl Series system
    and the LDAP server, and without SSL it travels in cleartext:
        User binding
        Rootdn/rootpw binding
        “Use the username field as an alias…”
        Password encryption set to CLEAR
    SSL must be enabled on the LDAP server to use this option.

Use LDAP v2 (check box)
    Select this option if your Directory is based on LDAP v2. The default is
    LDAP v3.

Bind Method
    Select the bind method used to bind to the LDAP database:
        Non-User Bind: select this if your LDAP server allows you to connect
        anonymously or using the root DN and root password, and you want to
        present a user logon name and retrieve the associated user password (or
        the user's DN) from the directory service.
        User Bind: select this to bind as the user being authenticated, sending
        the user logon name and password to the directory service for
        authentication.
    The fields in the bottom part of the page change based on this selection.

If you select Non-user bind, the remaining fields on the page are as follows:

Table 5-4. LDAP Authentication Configuration Options, Non-User Bind
Field/Option Description

Use the username field as an alias to find the user's DN and authenticate by
rebinding.
    Select this option if the user's DN is not the same as the username field
    (the user logon). In that case the 700wl Series system authenticates the
    user in two steps:
        1. It connects to the directory service with Non-user binding and uses
           the username as an alias (search key) to retrieve the actual user DN.
        2. It binds a second time with User binding, using the retrieved user DN
           and the user-provided password, to authenticate the user.

Use the returned password for authentication.
    Select this option to have the 700wl Series system retrieve the user's
    stored password from the directory and compare it with the password the
    user supplied. The non-user bind identity must therefore be allowed to read
    the password attribute, and the comparison can only succeed when the server
    returns the password in a form the 700wl Series system can match (see
    Password encryption).

Group Identity Field
    The name of the attribute containing group membership information for the
    user, if the group information is held in the same LDAP entry as the user
    information. It is read after the user has authenticated successfully and
    is used to match the user to an Identity Profile.

Additional Identity Search
    The search string used to retrieve group membership information when it is
    not held in the same entry as the user information. Use %s in place of the
    actual user logon name (for example, cn=%s); the logon name is substituted
    for %s when the search is run.

Timeout
    Authentication timeout period in seconds: how long the 700wl Series system
    waits for a response from the LDAP service before it considers the request
    to have failed. If this field is set to zero, authentication still occurs
    but group retrieval does not take place, so the user cannot be matched to an
    Identity Profile by group membership.
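The two-step alias-and-rebind flow, the "returned password" alternative, and the %s substitution used by the Additional Identity Search, as an added example that is not part of this guide or of the 700wl software. It is a Python model in which a constructed in-memory directory stands in for the LDAP server (a real deployment would use an LDAP client library against the server instead); the names escape_filter_value, substitute, InMemoryDirectory and NonUserBindAuthenticator, the sample entries, the root DN and the passwords are all assumptions made for illustration. It goes beyond the page in one respect: the logon name is RFC 4515-escaped before it replaces %s, because an unescaped name such as * would otherwise change the administrator's search filter.

```python
# Added example, not ProCurve code: the Non-User Bind flows of Table 5-4 run
# against a constructed in-memory directory so the script works offline.
import hmac
import re

class LdapError(Exception):
    """A failed bind, a failed lookup, or a refused request."""

def escape_filter_value(value):
    """RFC 4515 escaping for a logon name that replaces %s in a search filter.
    Without it a name such as '*' or 'x)(cn=admin' rewrites the filter."""
    return ''.join('\\%02x' % ord(c) if c in '\\*()\x00' else c for c in value)

def substitute(template, username, escape=True):
    """Replace %s in an alias or Additional Identity Search string."""
    return template.replace('%s', escape_filter_value(username) if escape else username)

class InMemoryDirectory:
    """Stand-in for the LDAP server (constructed); entries = {dn: {attr: [values]}}.
    Supports attr=value filters only: an unescaped '*' is a wildcard and \\XX hex
    escapes decode to literal characters, enough for cn=%s and memberUid=%s."""

    def __init__(self, entries):
        self.entries = entries

    def bind(self, dn, password):
        if dn is None:                       # anonymous non-user bind
            return
        entry = self.entries.get(dn)
        stored = entry.get('userPassword', [''])[0] if entry else ''
        if not entry or not hmac.compare_digest(stored.encode(), password.encode()):
            raise LdapError('invalid credentials for %s' % dn)

    def search(self, filter_str):
        attr, _, pattern = filter_str.partition('=')
        unhex = lambda m: chr(int(m.group(1), 16))
        pieces = [re.escape(re.sub(r'\\([0-9a-fA-F]{2})', unhex, p))
                  for p in pattern.split('*')]
        regex = re.compile('^' + '.*'.join(pieces) + '$')
        return [(dn, e) for dn, e in self.entries.items()
                if any(regex.match(v) for v in e.get(attr, []))]

class NonUserBindAuthenticator:
    """Hypothetical model of Non-User Bind as configured in Tables 5-3 and 5-4.
    authenticate_by_rebind: service bind, DN lookup through the alias filter, then
    rebind as that DN with the user's password ("authenticate by rebinding").
    authenticate_by_returned_password: the service identity reads the stored
    password and compares it here; it needs read access to every user's password.
    Groups come from the Group Identity Field or the Additional Identity Search."""

    def __init__(self, directory, rootdn=None, rootpw='', alias_filter='cn=%s',
                 group_attr=None, group_search=None):
        self.directory, self.rootdn, self.rootpw = directory, rootdn, rootpw
        self.alias_filter, self.group_attr, self.group_search = alias_filter, group_attr, group_search

    def _lookup_user(self, username):
        self.directory.bind(self.rootdn, self.rootpw)
        hits = self.directory.search(substitute(self.alias_filter, username))
        if len(hits) != 1:                   # 0: unknown user; >1: ambiguous alias
            raise LdapError('alias lookup for %r returned %d entries' % (username, len(hits)))
        return hits[0]

    def _groups(self, username, entry):
        if self.group_attr:                  # group data held in the user's own entry
            return list(entry.get(self.group_attr, []))
        if not self.group_search:
            return []
        self.directory.bind(self.rootdn, self.rootpw)
        return [dn for dn, _ in self.directory.search(substitute(self.group_search, username))]

    def authenticate_by_rebind(self, username, password):
        if not password:
            # An empty password makes many servers treat the rebind as anonymous
            # (RFC 4513 section 5.1.2), so refuse it before looking anything up.
            raise LdapError('empty password refused')
        user_dn, entry = self._lookup_user(username)
        self.directory.bind(user_dn, password)
        return user_dn, self._groups(username, entry)

    def authenticate_by_returned_password(self, username, password):
        user_dn, entry = self._lookup_user(username)
        stored = entry.get('userPassword', [''])[0]
        if not stored or not hmac.compare_digest(stored.encode(), password.encode()):
            raise LdapError('password mismatch for %s' % user_dn)
        return user_dn, self._groups(username, entry)

# Constructed sample directory: a root DN, one person, two posixGroup entries.
DIRECTORY = InMemoryDirectory({
    'cn=admin,dc=example,dc=com': {'cn': ['admin'], 'userPassword': ['r00tpw']},
    'cn=alice,ou=people,dc=example,dc=com': {'cn': ['alice'], 'userPassword': ['alice-pw'],
                                             'memberOf': ['cn=staff,ou=groups,dc=example,dc=com']},
    'cn=staff,ou=groups,dc=example,dc=com': {'cn': ['staff'], 'memberUid': ['alice']},
    'cn=wheel,ou=groups,dc=example,dc=com': {'cn': ['wheel'], 'memberUid': ['bob']},
})

if __name__ == '__main__':
    auth = NonUserBindAuthenticator(DIRECTORY, 'cn=admin,dc=example,dc=com', 'r00tpw',
                                    group_search='memberUid=%s')
    print(auth.authenticate_by_rebind('alice', 'alice-pw'))
```

Run as a script, it authenticates alice by rebinding and prints her DN together with the groups found through memberUid=%s. Searching with the raw logon name * would match every entry that has a cn (the root DN and both groups included), whereas the escaped \2a matches nothing and the logon is rejected; the same escaping applies to the Additional Identity Search string, since it too receives the user-supplied logon name.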