Management and Configuration Guide (Includes ACM xl) 2005-12

5-14 ProCurve Secure Access 700wl Series Management and Configuration Guide
Configuring Authentication
i. Specify the Password Field that contains the user password. Typically this will be userPassword.
ii. Specify the Password Encryption method. By default the Active Directory directory service uses SHA.
d. Select Bind using rootdn/rootpw or Anonymous bind. If you selected Bind using rootdn/rootpw, enter the Rootdn and Rootpw for your database.
Step 4. When finished, click Save.
Using a Netscape or iPlanet Directory Service
This section guides you through the configuration choices for authenticating against a Netscape or iPlanet
directory service.
Step 1. Type the basic information about this LDAP authentication service:
a. Type a name for this authentication service. This can be any alphanumeric string.
b. Type the fully-qualified host name or IP address of the server where the LDAP directory is
located.
c. If the server uses a port other than UDP port 389, enter the appropriate number.
d. Type the base Distinguished Name (DN) that should be appended to the username attribute
for authentication requests.
e. Type the Username attribute (commonly “uid”) that contains a user’s logon name.
Step 2. If you want to retrieve group identity information to be used to match an Identity Profile, fill in
the following fields:
a. If you want to retrieve group information, specify the field that will contain the group
membership information in the record to be retrieved (typically cn).
b. Type the following string into the Additional Identity Search field:
(&(objectclass=groupofuniquenames)(uniquemember=%s))
The user DN returned from the initial search (for authentication) is substituted for the %s in
this statement.
Step 3. Specify some additional options for this LDAP server:
a. The timeout value specifies the length of time the 700wl Series system waits for a response
to an authentication request before it abandons the request. The default is 120 seconds. You
can change this as appropriate for your situation.
b. If your LDAP server is configured to use SSL, the 700wl Series system can use SSL to
communicate with it. This is recommended if you are going to use User binding, where the
700wl Series system sends the user password to the LDAP server. Click the first check box
to use SSL.
c. If your LDAP server is based on LDAP v2, click the second check box. By default, the 700wl
Series system assumes LDAP v3.
Step 4. Specify the Bind Method for this server.
If the iPlanet directory service is using the default configuration, you must specify user binding.
However, it can be configured for non-user binding.
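The substitution described in Steps 1 and 2, as an added example (not code from this guide or from the 700wl Series system): it builds a user DN from the Username attribute and base DN, then inserts it into the Additional Identity Search string, escaping the value per RFC 4514 and RFC 4515 so that a name containing commas or parentheses cannot change the filter's structure. The function names and sample values are constructed, and the way the DN is assembled is an assumption based on Step 1d.

```python
# Added example: models the %s substitution from Steps 1 and 2; not 700wl code.
GROUP_FILTER = "(&(objectclass=groupofuniquenames)(uniquemember=%s))"  # Step 2b string


def escape_dn_value(value: str) -> str:
    """Escape an attribute value for use inside a DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\0":
            out.append("\\00")
        elif ch in ',+"\\<>;' or (ch == " " and i in (0, last)) or (ch == "#" and i == 0):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def escape_filter_value(value: str) -> str:
    """Escape an assertion value for use inside a search filter (RFC 4515)."""
    table = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\0": "\\00"}
    return "".join(table.get(ch, ch) for ch in value)


def user_dn(username: str, username_attr: str, base_dn: str) -> str:
    """Assumed assembly (Step 1d): username attribute with the base DN appended."""
    return f"{username_attr}={escape_dn_value(username)},{base_dn}"


def group_filter(dn: str) -> str:
    """Substitute the user DN for %s in the Additional Identity Search string."""
    return GROUP_FILTER % escape_filter_value(dn)


if __name__ == "__main__":
    # Constructed sample values, not taken from the guide.
    dn = user_dn("smith, j (temp)", "uid", "ou=People,dc=example,dc=com")
    print(dn)
    print(group_filter(dn))
    print(GROUP_FILTER % dn)  # unescaped: parentheses in the name alter the filter
```
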
For User Binding (the default):