HP c-Class manual User mapping

c.Perform an LDAP Bind with the Auth DN and Password, if one is specified. Any errors encountered are displayed at the top of the window.

When finished, click Next Step to display User Mapping.

User mapping

A primary function of the LDAP Provider is to take a username (like jdoe) and password, and verify that the username maps to an entry in the LDAP server, and that the user's LDAP entry along with their password can be used to authenticate to the LDAP directory.

The application gives you two ways to map usernames to LDAP entries: an easy DN Builder (essentially a DN template), and a traditional search-based mapping configuration.

DN Builder

In some LDAP deployments, all users reside in a single, flat container (such as

OU=people,DC=example,DC=com), and all users are named with a common naming attribute (such as UID). In this case, it is easier to use the DN Builder to configure the User Mapping. To map a username such as jdoe to an LDAP entry of UID=jdoe,OU=people,DC=example,DC=com, type UID into the template left field, and OU=people,DC=example,DC=com into the right.

An example DN is shown below the Template fields in the form of

UID=${username},OU=people,DC=example,DC=com. This shows you what the resulting username map will be, where the string "${username}" is replaced with the username entered, when a user attempts to login.

Search

The traditional method of mapping a username to an LDAP entry is to search for the username as a unique value of the entry that represents the user. For example, ActiveDirectory deployments often populate an attribute called sAMAccountName with the username. Other directory deployments might populate the UID attribute with the username.

Enter the DN of the tree branch that is hierarchically above your user entries (for example, OU=people,DC=example,DC=com). If you previously entered a Default Base DN, you can select it from the drop-down list.

For the search filter, you can add one or more attributes to the Search Attributes field and a search filter is automatically created. For example, if your user entries have a UID attribute that holds their unique username, typing UID into the Search Attributes field produces a standard LDAP search filter of (UID=${username}).

If you need a specialized search filter, you can edit it in the Search Filter field. Use the radio buttons to toggle between entering attributes and editing the search filter.

The special token "${username}" is replaced with the name the user is attempting to log in with when the HP IO Accelerator Management Tool performs the authentication.

The Scope should normally be set to Subtree. It can be set to One Level if the users are all in a single container.

Click Next Step to proceed to Role Mapping.

Adding and editing LDAP providers 27