HP XP P9000 Command View Advanced Edition Suite Software 7.6.1-00 Administrator Guide

When directly specifying information about a Kerberos server (when also linking to an external
authorization server):
auth.server.type=kerberos
auth.group.mapping=true
auth.ocsp.enable=false
auth.ocsp.responderURL=
auth.kerberos.default_realm=EXAMPLE.COM
auth.kerberos.dns_lookup_kdc=false
auth.kerberos.clockskew=300
auth.kerberos.timeout=3
auth.kerberos.realm_name=RealmName
auth.kerberos.RealmName.realm=EXAMPLE.COM
auth.kerberos.RealmName.kdc=kerberos.example.com:88
auth.group.EXAMPLE.COM.protocol=ldap
auth.group.EXAMPLE.COM.port=389
auth.group.EXAMPLE.COM.basedn=dc=Example,dc=com
auth.group.EXAMPLE.COM.timeout=15
auth.group.EXAMPLE.COM.retry.interval=1
auth.group.EXAMPLE.COM.retry.times=20
When using the DNS server to look up a Kerberos server (when also linking to an external
authorization server):
auth.server.type=kerberos
auth.group.mapping=true
auth.kerberos.default_realm=EXAMPLE.COM
auth.kerberos.dns_lookup_kdc=true
auth.kerberos.clockskew=300
auth.kerberos.timeout=3
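The two configurations above differ in which keys must be present, which is easy to get wrong when editing the file by hand. The linter below is an added example, not part of the guide or the product. Its rules are assumptions inferred from the two samples: with dns_lookup_kdc=false each realm identifier needs realm and kdc keys, realm_name may be comma-separated, and each auth.group.<realm> prefix must name a declared realm. The function names are hypothetical, and it also flags protocol=ldap because plain LDAP carries directory traffic without TLS.

```python
# Added example (not from the guide): lint the Kerberos settings shown above.
# Rules are assumptions inferred from the guide's two sample configurations.
GROUP_SUFFIXES = ("protocol", "port", "basedn", "timeout", "retry.interval", "retry.times")

def parse_props(text):
    """Parse key=value lines, skipping # comments and lines without '='."""
    pairs = (l.strip().partition("=") for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, _, v in pairs}

def group_blocks(props):
    """Collect auth.group.<realm>.<suffix> entries, keyed by realm."""
    blocks = {}
    for key, value in props.items():
        rest = key[len("auth.group."):] if key.startswith("auth.group.") else ""
        for suffix in GROUP_SUFFIXES:
            if rest.endswith("." + suffix):
                blocks.setdefault(rest[: -len(suffix) - 1], {})[suffix] = value
                break
    return blocks

def lint(props):
    """Return a list of findings; an empty list means no issue was detected."""
    findings, realms = [], set()
    direct = props.get("auth.kerberos.dns_lookup_kdc") == "false"
    names = [n.strip() for n in props.get("auth.kerberos.realm_name", "").split(",") if n.strip()]
    for name in names if direct else []:
        for suffix in ("realm", "kdc"):
            if not props.get(f"auth.kerberos.{name}.{suffix}"):
                findings.append(f"missing auth.kerberos.{name}.{suffix}")
        realms.add(props.get(f"auth.kerberos.{name}.realm"))
    for realm, block in sorted(group_blocks(props).items()):
        if direct and realm not in realms:
            findings.append(f"auth.group.{realm}.* matches no declared realm")
        if block.get("protocol") == "ldap":
            findings.append(f"auth.group.{realm}: protocol=ldap on port {block.get('port')} is unencrypted")
    return findings

# Constructed sample with two deliberate mistakes: no kdc key, wrong group realm.
SAMPLE = """\
auth.server.type=kerberos
auth.kerberos.dns_lookup_kdc=false
auth.kerberos.realm_name=RealmName
auth.kerberos.RealmName.realm=EXAMPLE.COM
auth.group.EXAMPLE.ORG.protocol=ldap
auth.group.EXAMPLE.ORG.port=389
"""
if __name__ == "__main__":
    print("\n".join(lint(parse_props(SAMPLE))))
```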
About an LDAP search user account
An LDAP search user account is used when an account needs to be authenticated or authorized, or
when searching for information within an LDAP directory server.
In the following cases, you need to register an LDAP search user account on the management server.
- When an LDAP directory server is used as an external authentication server and the data structure
  is the hierarchical structure model
- When an LDAP directory server is used as an external authorization server#
In cases other than the above, this step is not necessary, because LDAP user information is not searched
during authentication and authorization. If a user account used to search for LDAP user information
has already been registered, delete it.
#:
When registering an authorization group in P9000 Command View AE Suite products by using
the GUI, if you want to check whether the distinguished name of the authorization group is
registered on the external authorization server by using a user ID such as the System account re-