Management and Configuration Guide (Includes ACM xl) 2005-12

ProCurve Secure Access 700wl Series Management and Configuration Guide 5-13
Configuring Authentication
b. Type the fully-qualified host name or IP address of the server where the Active Directory is
located.
c. If the LDAP server uses a port other than UDP port 389, enter the appropriate number.
d. Type the base Distinguished Name (DN) that should be appended to the username attribute
for authentication requests. For Active Directory, this is the domain name, in the form
dc=<domaincomponent>,dc=<domaincomponent>, with no spaces between the components
of the domain name.
For example, if your NT domain is XYZCorp.com, the Base DN would be:
dc=XYZCorp,dc=com
e. In the Username field, type the name of the attribute that contains a user’s logon name. For
Active Directory, this is “sAMAccountName”. The username is case sensitive.
f. If you want to retrieve group information, type the Group attribute into the Group field. For
Active Directory, this is the attribute “memberof”.
g. The timeout value specifies the length of time the 700wl Series system waits for a response
to an authentication request before it abandons the request. The default is 120 seconds. You
can change this as appropriate for your situation.
Step 2. Specify the options for your server:
a. You should use SSL for a secure connection, since with User Binding the 700wl Series
system sends user passwords to Active Directory with the authentication request.
Note: This requires that you have SSL enabled on your Active Directory server.
b. Active Directory is based on LDAP v3, so leave the second check box (Use LDAPv2)
unselected.
Step 3. Select the Bind Method for this server:
• Select User bind if you are using Active Directory for user authentication (providing a
username as the DN to be authenticated).
• Select Non-user bind if you are using Active Directory only for external group retrieval, or if
you need to use aliasing because the user’s logon ID is not used as their DN. In either of these
cases you must bind as the rootDN.
To use User binding for authentication where the user logon ID is used as the DN, do the
following:
a. Select User bind from the drop-down field.
b. Enter the following into the User bind string field:
<domain name>\%s
For example, for domain XYZCorp.com, this would be XYZCorp\%s.
To use Non-User binding, do the following:
a. Select Non-User bind from the drop-down list.
b. If the password field is not returned, select the first radio button (Use the username field as
an alias).
c. If the user logon name is used as the DN, select the second radio button (Use the returned
password for authentication).
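The following is an added example, not part of the ProCurve guide or the 700wl software: a small Python pre-flight check that derives the Base DN and expanded User bind string for the guide's example domain and flags planned settings that contradict Steps 1 to 3. The dictionary keys (base_dn, username_attr, bind_method, user_bind_string, use_ssl, use_ldapv2) and the logon name jdoe are hypothetical names chosen for this example.

```python
import re

AD_USERNAME_ATTR = "sAMAccountName"   # Username field value the guide gives for AD

def base_dn_from_domain(domain):
    """XYZCorp.com -> dc=XYZCorp,dc=com, with no spaces between components."""
    labels = [p for p in domain.strip().split(".") if p]
    return ",".join("dc=" + p for p in labels)

def expand_user_bind(bind_string, logon_name):
    """Put the logon name in place of %s, e.g. XYZCorp\\%s -> XYZCorp\\jdoe."""
    if bind_string.count("%s") != 1:
        raise ValueError("User bind string needs exactly one %s")
    return bind_string.replace("%s", logon_name)

def lint_settings(cfg):
    """Return the problems found in a planned entry (cfg keys are hypothetical)."""
    problems = []
    if not re.fullmatch(r"dc=[^,=\s]+(,dc=[^,=\s]+)*", cfg["base_dn"], re.I):
        problems.append("base_dn: use dc=<component>,dc=<component> with no spaces")
    if cfg["username_attr"] != AD_USERNAME_ATTR:
        problems.append("username_attr: the guide gives sAMAccountName for Active Directory")
    if cfg.get("use_ldapv2"):
        problems.append("use_ldapv2: Active Directory is LDAP v3, leave unselected")
    if cfg["bind_method"] == "user":
        if not cfg.get("use_ssl"):
            problems.append("use_ssl: User bind sends user passwords, enable SSL")
        if cfg.get("user_bind_string", "").count("%s") != 1:
            problems.append("user_bind_string: expected <domain name>\\%s")
    return problems

# Constructed sample entries for the guide's example domain XYZCorp.com.
GOOD = {"base_dn": base_dn_from_domain("XYZCorp.com"), "username_attr": "sAMAccountName",
        "bind_method": "user", "user_bind_string": "XYZCorp\\%s", "use_ssl": True}
BAD = {"base_dn": "dc=XYZCorp, dc=com", "username_attr": "sAMAccountName",
       "bind_method": "user", "user_bind_string": "XYZCorp\\%s",
       "use_ssl": False, "use_ldapv2": True}

if __name__ == "__main__":
    print(lint_settings(GOOD))
    for problem in lint_settings(BAD):
        print(problem)
```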