9. Provide the AD search base in which you want the management server to look up AD/LDAP user attributes. Do not put spaces after the commas, and include every component of the fully qualified domain name; for example, hds.usa.com would be DC=hds,DC=usa,DC=com.

The search base is used to specify the starting point for the search. It points to a distinguished name of an entry in the directory hierarchy.

<SearchBase>dc=MyCompanyName,dc=COM</SearchBase>

10. Save the login-handler.xml file with your changes.

The following is an example of a modified login-handler.xml file for use with AD server authentication. Underlined text is information that was modified:

<?xml version="1.0" encoding="ISO-8859-1"?>
<LoginHandler>
  <AdminAccountName>domain\primaryuser</AdminAccountName>
  <!-- for the default, using database for authentication -->
  <!--LoginHandlerClass>com.appiq.security.server.BasicLoginHandler</LoginHandlerClass-->
  <!--LoginHandlerType>Default</LoginHandlerType-->
  <!-- uncomment the following to enable Active Directory login-->
  <LoginHandlerClass>com.appiq.security.server.ActiveDirectoryLoginHandler</LoginHandlerClass>
  <LoginHandlerType>ActiveDirectory</LoginHandlerType>
  <ActiveDirectory>
    <PrimaryServer port="389">IP address of Primary Domain Controller</PrimaryServer>
    <SecondaryServer>IP Address of Secondary Domain Controller</SecondaryServer>
    <ssl>false</ssl>
    <ShadowPassword>false</ShadowPassword>
    <CaseSensitiveUserName>false</CaseSensitiveUserName>
    <!-- provide SearchBase if full name and email attribute are to be synchronized
         between ActiveDirectory and the database.-->
    <SearchBase>DC=domain extension1,DC=domain extension2,DC=COM</SearchBase>
    <FullNameAttribute>displayName</FullNameAttribute>
    <EmailAttribute>mail</EmailAttribute>
  </ActiveDirectory>
  <!-- uncomment the following for generic LDAP login
  <LoginHandlerClass>com.appiq.security.server.LdapLoginHandler</LoginHandlerClass>
  <LoginHandlerType>LDAP</LoginHandlerType>
  -->
  <LDAP>
    <!-- same as java.naming.provider.url ldap://ldap.companyname.com:389 -->
    <Server port="389">IP address of LDAP server</Server>
    <!-- LDAP env can be added, an example is shown below...
    <LDAPEnv name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</LDAPEnv>
    -->
    <ssl>false</ssl>
    <ShadowPassword>false</ShadowPassword>
    <CaseSensitiveUserName>false</CaseSensitiveUserName>
    <!-- multiple DN entries are allowed, they will be tried one at a time -->
    <DN>CN=$NAME$,OU=Engineering,DC=HP,OU=US,DC=COM</DN>
    <!-- provide FullNameAttribute and EmailAttribute if full name and email attribute
         are to be synchronized between LDAP and the database -->
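The following Python is an added example, not part of the original documentation or of the management server: it applies the step-9 rule to turn a domain name into a SearchBase, and lints a constructed login-handler.xml fragment for the two settings an administrator most often gets wrong in the <ActiveDirectory> section, a SearchBase with spaces after the commas and <ssl>false</ssl>, which sends the bind credentials to the domain controller without TLS. The sample addresses, the domain and the function names are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample modelled on the ActiveDirectory section of
# login-handler.xml; the addresses are documentation placeholders.
SAMPLE_LOGIN_HANDLER = """<LoginHandler>
  <AdminAccountName>domain\\primaryuser</AdminAccountName>
  <LoginHandlerClass>com.appiq.security.server.ActiveDirectoryLoginHandler</LoginHandlerClass>
  <LoginHandlerType>ActiveDirectory</LoginHandlerType>
  <ActiveDirectory>
    <PrimaryServer port="389">192.0.2.10</PrimaryServer>
    <SecondaryServer>192.0.2.11</SecondaryServer>
    <ssl>false</ssl>
    <ShadowPassword>false</ShadowPassword>
    <CaseSensitiveUserName>false</CaseSensitiveUserName>
    <SearchBase>DC=hds, DC=usa,DC=com</SearchBase>
    <FullNameAttribute>displayName</FullNameAttribute>
    <EmailAttribute>mail</EmailAttribute>
  </ActiveDirectory>
</LoginHandler>"""

def fqdn_to_search_base(fqdn: str) -> str:
    """Apply the rule from step 9: each label of the fully qualified domain
    name becomes one DC= component, joined by commas with no spaces."""
    labels = [part for part in fqdn.strip().strip(".").split(".") if part]
    if not labels:
        raise ValueError("empty domain name")
    return ",".join(f"DC={label}" for label in labels)

# A well-formed search base: DC=... components separated by bare commas.
_SEARCH_BASE_RE = re.compile(r"^DC=[^,=\s]+(,DC=[^,=\s]+)*$", re.IGNORECASE)

def check_login_handler(xml_text: str) -> list:
    """Return findings for the <ActiveDirectory> section (empty if clean)."""
    ad = ET.fromstring(xml_text).find("ActiveDirectory")
    if ad is None:
        return ["no <ActiveDirectory> section found"]
    findings = []
    base = (ad.findtext("SearchBase") or "").strip()
    if not base:
        findings.append("SearchBase missing: full name and e-mail will not be synchronized")
    elif not _SEARCH_BASE_RE.match(base):
        findings.append(f"SearchBase malformed (spaces or non-DC components): {base!r}")
    primary = ad.find("PrimaryServer")
    port = primary.get("port", "389") if primary is not None else "389"
    if (ad.findtext("ssl") or "false").strip().lower() != "true":
        findings.append(f"ssl=false: binds to the domain controller on port {port} without TLS")
    return findings
```

Run check_login_handler over the saved file before restarting the management server; an empty list means the search base is well formed and the AD bind is protected by TLS.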

372 Managing Security