2. In the
3. Comment out the <LoginHandlerType>Default</LoginHandlerType> tag as follows:
4. Uncomment the line containing the class name and login handler type so that it appears as follows:
<LoginHandlerClass>com.appiq.security.server.LdapLoginHandler</LoginHandlerClass>
<LoginHandlerType>LDAP</LoginHandlerType>
5. Replace directory.hp.com with the IP address or the fully qualified name of your LDAP server in the
<Server port="389">192.168.10.1</Server>
where
• 192.168.10.1 is the IP address of the server running LDAP.
• 389 is the port on which LDAP is running on the server.
6. If you want the password to be saved in the management server database, change the value of the <ShadowPassword> tags to true, as shown in the following example:
<ShadowPassword>true</ShadowPassword>
Saving the passwords in the management server database allows a user to also log into the management server if the management server is changed back to local mode. This, however, is not recommended as it defeats the purpose of externalizing a user's credentials.
The
7. If you want the user name to be case sensitive, change the value of the <CaseSensitiveUserName> tag to true, as shown in the following example:
<CaseSensitiveUserName>true</CaseSensitiveUserName>
If you change the value of <CaseSensitiveUserName> to true, the management server becomes
The
8. Provide the LDAP search base in which you want the management server to look up AD/LDAP user attributes. Use no spaces around the commas, and include every component of the fully qualified domain name; for example, hds.usa.com would be DC=hds,DC=usa,DC=com.
The search base is used to specify the starting point for the search. It points to a distinguished name of an entry in the directory hierarchy.
<SearchBase>CN=$NAME$,dc=MyCompanyName,dc=COM</SearchBase>
or:
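Added example, not part of the original guide or the product's own code, and separate from the alternative search-base form that "or:" introduces: a Python check of the settings edited in the steps above. The `<LoginHandler>` wrapper element, the `audit_login_handler` function name and the sample values are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample. The <LoginHandler> wrapper element is an assumption;
# the child tags and values are the ones shown in the steps above.
SAMPLE = """<LoginHandler>
  <!-- <LoginHandlerType>Default</LoginHandlerType> -->
  <LoginHandlerClass>com.appiq.security.server.LdapLoginHandler</LoginHandlerClass>
  <LoginHandlerType>LDAP</LoginHandlerType>
  <Server port="389">directory.hp.com</Server>
  <ShadowPassword>true</ShadowPassword>
  <SearchBase>CN=$NAME$, dc=MyCompanyName,dc=COM</SearchBase>
</LoginHandler>"""

LDAP_CLASS = "com.appiq.security.server.LdapLoginHandler"

def audit_login_handler(xml_text, domain=None):
    """Return findings for the LDAP login-handler settings (hypothetical helper)."""
    root = ET.fromstring(xml_text)  # XML comments are dropped, so only active tags count
    def text(tag):
        return (root.findtext(".//" + tag) or "").strip()
    findings = []
    types = [(e.text or "").strip() for e in root.iter("LoginHandlerType")]
    if types != ["LDAP"]:
        findings.append("LoginHandlerType: expected exactly one active tag set to LDAP")
    if text("LoginHandlerClass") != LDAP_CLASS:
        findings.append("LoginHandlerClass: LDAP handler class is not active")
    server = root.find(".//Server")
    if server is None or text("Server") in ("", "directory.hp.com"):
        findings.append("Server: empty or still the directory.hp.com placeholder")
    elif not (server.get("port") or "").isdigit():
        findings.append("Server: port attribute missing or not numeric")
    if text("ShadowPassword").lower() == "true":
        findings.append("ShadowPassword: true keeps passwords in the management "
                        "server database (not recommended)")
    base = text("SearchBase")
    if not base:
        findings.append("SearchBase: missing")
    elif re.search(r"\s,|,\s", base):
        findings.append("SearchBase: contains spaces around commas")
    if base and domain:
        # Compare the DC= components, in order, with the labels of the FQDN.
        rdns = [r.strip().split("=", 1) for r in base.split(",") if "=" in r]
        dcs = [v.strip().lower() for k, v in rdns if k.strip().lower() == "dc"]
        if dcs != domain.lower().split("."):
            findings.append("SearchBase: DC components do not match " + domain)
    return findings

if __name__ == "__main__":
    for finding in audit_login_handler(SAMPLE):
        print(finding)
```

Pass the expected domain (for example `domain="hds.usa.com"`) to also compare the DC components of the search base against the fully qualified domain name.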