User guide

LDAP client behavior overview
In this section
UID masks (simple and complex)
UID mask for single factor credentials
UID mask for multiple factor credentials
UID masks (simple and complex)
The client application login dialog enables you to enter two fields, labeled User name and Password.
Before the HP IP Console Viewer was enhanced with support for directory services integration (LDAP), the
product supported only one form of authentication, which used an internal database. Therefore, there was
no ambiguity about the use of these two fields because the internal database supports only one form of
user name. However, Active Directory supports many types of attributes that could sensibly be used as
credentials for the purposes of authenticating the user of the client application. After an administrator
chooses which Active Directory attributes to use as credentials, the choice is implemented using a feature
of the HP IP Console Switch called the UID Mask. This flexibility engenders several questions:
What are the Active Directory attributes that could sensibly be used as credentials?
How does the value of each of those attributes get set in Active Directory?
How is the UID mask in the Manage Console Switch window used to implement a customer's choice of credentials?
These questions are addressed in the following subsections.
Active Directory attributes that can be used as credentials
Several attributes that are candidates for use as credentials are defined when a new user account is
initialized in Active Directory. Other candidates are found in the Properties dialog for user objects in
Active Directory. In addition, other candidates are available but not readily accessible in the default
Properties dialog for user objects. For these attributes, it is necessary to use an Active Directory tool, such
as ADSI Editor, to access the attribute and set its value.
Attributes initialized during creation of a new user object
When a new object is created in Active Directory to represent a user, the dialog presented by Active
Directory enables values to be set for the following attribute types:
First Name
Initials
Last Name
Full Name
User Logon Name
User Principal Name
NOTE: This attribute is not explicitly labeled in the dialog used to create a new user object.