Management and Configuration Guide (Includes ACM xl) 2005-12

4-24 ProCurve Secure Access 700wl Series Management and Configuration Guide
Configuring Rights
If the MAC address users in your LDAP database do not have identity information kept in the database,
you can save this configuration without specifying any further searches. In this case, when MAC
addresses are retrieved, they will be added to the built-in database with no Identity Profile affiliation.
Identity Profile membership information can be associated with a MAC address in one of two ways:
- If each MAC address has its own record in the database, its group identity information may be kept
  as an attribute in the record. The Rights Manager can then search for each MAC address record
  using the search string returned in the initial search, and retrieve the group identity information
  from the appropriate attribute.
- Additional groups may be used that include MAC addresses as members. The Rights Manager can
  then search for groups that contain the MAC address as a member, and return the name(s) of those
  groups.
The following examples illustrate this in more detail.
Table 4-5. Configuring MAC Address Retrieval, address retrieval parameters
Field | Description
MAC Address Attribute | The name of the attribute in the record that contains the individual MAC addresses, for example, uniquemember. Instances of this attribute should contain the MAC addresses that are to be added to the built-in database.
Refresh MAC addresses Every | The time interval (in days) between automatic refreshes of the MAC address data from the LDAP

Table 4-6. MAC Address Retrieval, group identity retrieval parameters
Field | Description
Search for MAC Addresses using attribute found in initial search | Select this radio button to specify that the attribute entered in the Identity Information Attribute field below should be used as a search parameter when searching for MAC addresses.
Identity Information Attribute | If Search for MAC Addresses using attribute found in initial search is selected, this field should contain the name of the attribute that contains the name(s) of the identity or identities.
Search for MAC Addresses’ assigned identities | Select this radio button to specify that the string entered in the Search String field below should be used as a search parameter when searching for MAC addresses.
Search String | Search string to use to find records that contain the MAC address in a specified attribute. For example, the search string: (&(objectclass=groupofuniquenames) (uniquemember=%s)) searches records of class “groupofuniquenames” for an attribute “uniquemember” whose value matches the current MAC address as retrieved by the initial search.
Identity Name Attribute | Type the attribute name (for example, cn) whose value is the name of the group in which the matching unique member was found.
MAC Addresses have no identity information | Select this button to indicate that the MAC address users do not have identity information kept in the LDAP database. This is the default.
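The two identity lookups that Table 4-6 configures, modelled as an added example in Python; this is not code from the guide or from the Rights Manager, whose internal search logic the page does not describe. Only the search string and the uniquemember/cn attribute names come from the page; the directory entries, the device object class, the ou identity attribute and all function names are constructed for illustration, and the RFC 4515 escaping of the substituted value is an assumption about how one would reproduce the %s substitution safely in one's own tooling.

```python
import re

# Search string quoted in Table 4-6; %s stands for the current MAC address.
TEMPLATE = "(&(objectclass=groupofuniquenames) (uniquemember=%s))"

# Constructed sample directory (not from the guide): two groups that list
# MAC addresses as members, plus one record that belongs to a single MAC.
DIRECTORY = [
    {"objectclass": ["groupofuniquenames"], "cn": ["Printers"],
     "uniquemember": ["00:11:22:33:44:55", "00:11:22:33:44:66"]},
    {"objectclass": ["groupofuniquenames"], "cn": ["Badge-Readers"],
     "uniquemember": ["00:11:22:33:44:55"]},
    {"objectclass": ["device"], "cn": ["00:11:22:33:44:77"],
     "ou": ["Cameras"]},
]

def escape_filter_value(value):
    """Escape RFC 4515 special characters so the value stays a literal."""
    return re.sub(r'[\\*()\x00]', lambda m: "\\%02x" % ord(m.group()), value)

def build_filter(template, mac):
    """Substitute the (escaped) MAC address for %s in the search string."""
    return template.replace("%s", escape_filter_value(mac))

def unescape(value):
    """Turn \\xx escapes in a filter value back into characters."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def matches(entry, ldap_filter):
    """Evaluate an AND of equality clauses such as (&(a=b)(c=d))."""
    clauses = re.findall(r"\(([A-Za-z0-9-]+)=([^()]*)\)", ldap_filter)
    return bool(clauses) and all(
        unescape(val).lower() in [v.lower() for v in entry.get(attr.lower(), [])]
        for attr, val in clauses)

def identities_from_groups(template, mac, name_attr):
    """Group search: Identity Name Attribute of every group holding the MAC."""
    flt = build_filter(template, mac)
    return [n for e in DIRECTORY if matches(e, flt) for n in e.get(name_attr, [])]

def identities_from_record(record_filter, identity_attr):
    """Per-record search: Identity Information Attribute of the MAC's record."""
    return [n for e in DIRECTORY if matches(e, record_filter)
            for n in e.get(identity_attr, [])]
```

An empty result from either function corresponds to a MAC address that would be added with no Identity Profile affiliation.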