</LDAP>

</LoginHandler>

When you are done with your changes, the login-handler.xml file, may resemble the following:

<LoginHandler>

<AdminAccountName>domain\primaryuser</AdminAccountName>

<LoginHandlerClass>

com.appiq.security.server.ActiveDirectoryLoginHandler

</LoginHandlerClass>

<LoginHandlerType>ActiveDirectory</LoginHandlerType>

<ActiveDirectory>

<PrimaryServer>IP address of primary domain controller</PrimaryServer>

<SecondaryServer>IP address of secondary domain controller</SecondaryServer>

<ssl>false</ssl>

<ShadowPassword>false</ShadowPassword>

<CaseSensitiveUserName>false</CaseSensitiveUserName>

<SearchBase>DC=MyCompanyName,DC=COM</SearchBase>

<FullNameAttribute>displayName</FullNameAttribute>

<EmailAttribute>mail</EmailAttribute>

</ActiveDirectory>

</LoginHandler>

Configuring the Management Server to Use LDAP

The LDAP server requires a distinguished name (DN) and credentials. The DN can be configured, allowing name substitution and support for multiple DN configurations.

To configure the management server to use LDAP:

1.Before switching to LDAP authentication mode, the management server needs to be configured with a designated LDAP user through the <AdminAccountName> tag. At startup, the designated LDAP user is mapped to the built-in “admin” user and overrides it with the LDAP user information.

IMPORTANT: Make sure the administrator account has already been created in LDAP before you add it to the login-handler.xmlfile.

a.On the management server look in one of the following locations:

Windows: %MGR_DIST%\Data\Configuration

UNIX systems: $MGR_DIST/Data/Configuration

b.In the login-handler.xmlfile, change the value of the <AdminAccountName> tag to the name of a user account in LDAP, as shown in the following example:

<AdminAccountName>Administrator</AdminAccountName>

where Administrator is the name of a user account in LDAP.

HP Storage Essentials SRM 6.0 User Guide 161