HP XP P9000 Command View Advanced Edition Suite Software 7.6.1-00 Administrator Guide

NOTE:
When a P9000 Command View AE Suite product is in operation, to switch to the system config-
uration linked to an external authorization server, delete any the user ID that has the same name
as the ID registered in Common Component, or change the user name. If the same user name is
registered, when the user logs in to a P9000 Command View AE Suite product, the user is authen-
ticated in Common Component (internal authentication).
Users who belong to nested groups of a registered authorization group can now also use P9000
Command View AE Suite products via the roles (permissions) set for the authorization group.
In Replication Manager, All Resources is automatically assigned as a resource group to users
who belong to authorization groups. If the Modify permission is set for authorization groups, the
Storage Administrator user role is assigned to the users that belong to the authorization groups.
The user role cannot be changed.
To use StartTLS to communicate between the LDAP directory server and the management server,
you need to set up an environment specifically for this purpose to ensure secure communications.
Related topics
Account conditions for P9000 Command View AE Suite products, page 123
About the data structures of user entries, page 123
Registering an external authentication server and an external authorization server, page 126
About a LDAP search user account, page 149
Registering a shared secret, page 153
Checking connections to an external authentication server and an external authorization serv-
er, page 154
Secure communication for Device Manager and Tiered Storage Manager, page 162
Operations on a management client: HP P9000 Command View Advanced Edition Suite Software
User Guide or HP P9000 Replication Manager Software User Guide
Operation workflow for user authentication on a Kerberos server
To perform user authentication on a Kerberos server, you need to register the external authentication
server and the accounts to be authenticated on the management server for P9000 Command View
AE Suite products.
Administrator Guide 121