Configuring the Management Server to Use Active Directory
By default, AD allows connections with domain\username, instead of with the distinguished name (DN) used by a generic LDAP server. However, you can use the generic LDAP server setup to authenticate with AD, as described in ”Configuring the Management Server to Use LDAP” on page 161.
To specify the management server to use AD:
1.Before switching to AD authentication mode, the management server needs to be configured with a designated AD user and other
IMPORTANT: Make sure the administrator account has already been created in AD before you add it to the
a.On the management server look in one of the following locations:
•Windows: %MGR_DIST%\Data\Configuration
•UNIX systems: $MGR_DIST/Data/Configuration
b.In the
<AdminAccountName>domain\PrimaryUser</AdminAccountName>
where PrimaryUser is the name of the user account that is designated as the primary user in AD.
For security reasons, it is recommended that the designated user not be the AD Domain Administrator
2.In the
3.Comment out the <LoginHandlerType>Default</LoginHandlerType> tag as follows:
4.Uncomment the line containing the class name and login handler type so that it appears as follows:
<LoginHandlerClass>com.appiq.security.server.ActiveDirectoryLoginHandler</L
oginHandlerClass>
<LoginHandlerType>ActiveDirectory</LoginHandlerType>
5.Replace directory.hp.com with the IP address or the fully qualified DNS name of your primary Domain Controller server in the
<PrimaryServer port="389">192.168.10.1</PrimaryServer>
where
•192.168.10.1 is the IP address of the primary Domain Controller server running AD.
•389 is the port on which AD is running on the server.
158 Managing Security