<SearchBase>CN=$NAME$,OU=NetworkAdministration, dc=MyCompanyName,ou=US,dc=COM</SearchBase>

The management server searches only those users in the company who are part of the NetworkAdministration organization (OU=NetworkAdministration) and in the United States (ou=US).

IMPORTANT: Different LDAP implementations may use different keynames for CN. The appropriate keyname should be named in login-handler.xml. Refer to the documentation for your LDAP server to determine how to obtain the appropriate keyname. Your keyname may start with uid instead of CN, for example:

uid=$NAME$,ou=<Optional org unit if applicable>, dc=windows,dc=hp,dc=com

9. Save the login-handler.xml file.
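An added example, not taken from the HP guide or the product's code, of how a SearchBase template like the ones above expands into a DN for a given login name, with RFC 4514 escaping so a name such as "Smith, John" stays inside the CN or uid value. The function names are hypothetical, the login names are constructed, and how the management server performs the substitution internally is an assumption.

```python
# Added illustration; function names are hypothetical, not part of the product.
PLACEHOLDER = "$NAME$"
DN_SPECIAL = set(',+"\\<>;')  # need a backslash inside a DN value (RFC 4514)

def escape_dn_value(value):
    """Escape one attribute value for use inside a distinguished name."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        edge = (i == 0 and ch in " #") or (i == last and ch == " ")
        if ch == "\0":
            out.append("\\00")
        elif ch in DN_SPECIAL or edge:
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def split_rdns(dn):
    """Split a DN into RDNs on commas that are not backslash-escaped."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur, i = cur + dn[i:i + 2], i + 2  # keep the escape pair together
        elif dn[i] == ",":
            parts, cur, i = parts + [cur.lstrip()], "", i + 1
        else:
            cur, i = cur + dn[i], i + 1
    return parts + [cur.lstrip()]

def expand_search_base(template, login):
    """Substitute a login name into a SearchBase template from login-handler.xml."""
    if template.count(PLACEHOLDER) != 1:
        raise ValueError("SearchBase must contain $NAME$ exactly once")
    if not login:
        raise ValueError("empty login name")
    dn = template.replace(PLACEHOLDER, escape_dn_value(login))
    # The login may only fill the first RDN's value, never add components.
    if len(split_rdns(dn)) != len(split_rdns(template)):
        raise ValueError("login name changed the DN structure")
    return dn

# Templates from the text above (the uid form without its optional ou).
CN_TEMPLATE = "CN=$NAME$,OU=NetworkAdministration, dc=MyCompanyName,ou=US,dc=COM"
UID_TEMPLATE = "uid=$NAME$,dc=windows,dc=hp,dc=com"

if __name__ == "__main__":
    for login in ("jsmith", "Smith, John"):  # constructed sample names
        print(expand_search_base(CN_TEMPLATE, login))
        print(expand_search_base(UID_TEMPLATE, login))
```

Substituting "Smith, John" without escaping would yield six RDNs instead of five, so the lookup would no longer be confined to the intended NetworkAdministration and US containers.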

The following is an example of a modified login-handler.xml file for use with an LDAP server. Underlined text is information that was modified:

<?xml version="1.0" encoding="ISO-8859-1"?>
<LoginHandler>
  <AdminAccountName>PreferredUser\admin</AdminAccountName>
  <!-- for the default, using database for authentication -->
  <!--LoginHandlerClass>com.appiq.security.server.BasicLoginHandler</LoginHandlerClass-->
  <!--LoginHandlerType>Default</LoginHandlerType-->
  <!-- uncomment the following to enable Active Directory login>
  <LoginHandlerClass>com.appiq.security.server.ActiveDirectoryLoginHandler</LoginHandlerClass>
  <LoginHandlerType>ActiveDirectory</LoginHandlerType-->
  <ActiveDirectory>
    <PrimaryServer port="389">IP address of Primary Domain Controller</PrimaryServer>
    <SecondaryServer>IP Address of Secondary Domain Controller</SecondaryServer>
    <ssl>false</ssl>
    <ShadowPassword>false</ShadowPassword>
    <CaseSensitiveUserName>false</CaseSensitiveUserName>
    <!-- provide SearchBase if full name and email attribute are to be synchronized
         between ActiveDirectory and the database.-->
    <SearchBase>DC=domain extension1,DC=domain extension2,DC=COM</SearchBase>
    <FullNameAttribute>displayName</FullNameAttribute>
    <EmailAttribute>mail</EmailAttribute>
  </ActiveDirectory>
  <!-- uncomment the following for generic LDAP login-->
  <LoginHandlerClass>com.appiq.security.server.LdapLoginHandler</LoginHandlerClass>
  <LoginHandlerType>LDAP</LoginHandlerType>
  <LDAP>
    <!-- same as java.naming.provider.url ldap://ldap.companyname.com:389 -->
    <Server port="389">IP address or DNS name of LDAP server</Server>
    <!-- LDAP env can be added, an example is shown below...
    <LDAPEnv name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</LDAPEnv>
    -->

HP Storage Essentials SRM 6.0 User Guide 163