Manualshelf

Management and Configuration Guide (Includes ACM xl) 2005-12

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
81828384858687888990
ProCurve Secure Access 700wl Series Management and Configuration Guide 4-25
Configuring Rights
Retrieving Group Identity Information from MAC Address User Records
Suppose, for each MAC address, an entry exists with attributes similar to the following:
dn: cn=000122034a5b, o=XYZCorp, c=us
cn: 000122034a5b, o=XYZCorp, c=us
sn: 000122034a5b
mymember: Contractors
mymember: DBSpec
Then, do the following:
Step 1. Select Search for MAC Addresses using attribute found in the initial search.
This means that the Rights Manager will use the search string found in the initial search (for
example, the value returned from the
uniqueMember attribute in the MACS record) to search for the
individual MAC address record.
Step 2. Type mymember in the field labeled Identity Information Attribute.
The Rights Manager will look for instances of the attribute mymember, and take the values as
group names. Then, assuming that these names match groups that exist in the Rights Manager,
the MAC address user will be made a member of these groups.
For example, this configuration will return the groups Contractors and DBSpec for MAC Address User
00:01:22:03:4a:5b.
Searching for Groups with MAC Address Users as Members
The second method for retrieving Identity Profile membership assumes that you have multiple group
objects, each of which contains a list MAC address users. Identity Profile membership is retrieved by
searching for each MAC Address, then returning the names of any groups in which that MAC address
was found.
For example, suppose you have a second group in your LDAP database, identified by cn
CONTRACTORS,
also defined with
objectClass=groupofuniquenames, that also contains MAC addresses in instances of
the attribute
uniqueMember.
In this case, do the following:
Step 1. Select Search for MAC Addresses’ assigned Identities.
Step 2. In the Search String field, type a search string to use to find records that contain the MAC
address in a specified attribute.
For example, to search for MAC addresses in the two records discussed in this section (identified
by
cn=MACS and cn=CONTRACTORS) you would use the search string:
(&(objectclass=groupofuniquenames) (uniquemember=%s))
This searches records of class “groupofuniquenames” for an attribute “uniquemember” whose
value matches the current MAC address as retrieved by the initial search.
Step 3. In the Identity Name attribute field, type cn. This returns the value of the cn attribute, which is
the name of the group in which the matching uniquemember was found.
This configuration will return the groups MACS and CONTRACTORS for MAC Address User
00:01:22:03:4a:5b.