HP XP P9000 Command View Advanced Edition Suite Software 7.6.1-00 Administrator Guide

ManualsBrandsHP ManualsSoftwareHP Command View XP Advanced Edition Enterprise Media Kit

141

142

143

144

145

146

147

148

149

150

gistered in P9000 Command View AE Suite products, you need to register a user account used

to search for LDAP user information on the management server.

Conditions for LDAP search user account

Conditions for the LDAP search user account vary depending on the authentication method.

Prepare a user account that satisfies the following conditions on the LDAP directory server.

For LDAP authentication:

• The user account can bind to the DN specified for auth.ldap.auth.server.name-

property-value.basedn in the exauth.properties file

• The user account can search the attributes for all entries below the DN specified for au-

th.ldap.auth.server.name-property-value.basedn in the exauth.properties

file

• The user account can reference the DN specified for auth.ldap.auth.server.name-

property-value.basedn in the exauth.properties file

• The user account can reference the authorization groups that are under the DN specified for

auth.ldap.auth.server.name-property-value.basedn in the exauth.proper-

ties file (when an external authorization server is also linked to)

• The user account can search the attributes of the authorization groups that are under the DN

specified for auth.ldap.auth.server.name-property-value.basedn in the exau-

th.properties file and search the attributes of nested groups of the authorization groups

(when an external authorization server is also linked to)

For RADIUS authentication:

• The user account can bind to the DN specified for auth.group.domain-name.basedn

in the exauth.properties file

• The user account can search the attributes for all entries below the DN specified for au-

th.group.domain-name.basedn in the exauth.properties file

• The user account can reference the DN specified for auth.group.domain-name.basedn

in the exauth.properties file

• The user account can reference the authorization groups that are under the DN specified for

auth.group.domain-name.basedn in the exauth.properties file.

• The user account can search the attributes of the authorization groups that are under the DN

specified for auth.group.domain-name.basedn in the exauth.properties file and

search the attributes of nested groups of the authorization groups

For Kerberos authentication:

• The user account can bind to the DN specified for auth.group.realm-name.basedn in

the exauth.properties file

• The user account can search the attributes for all entries below the DN specified for au-

th.group.realm-name.basedn in the exauth.properties file

• The user account can reference the DN specified for auth.group.realm-name.basedn

in the exauth.properties file

• The user account can reference the authorization groups that are under the DN specified for

auth.group.realm-name.basedn in the exauth.properties file

• The user account can search the attributes of the authorization groups that are under the DN

specified for auth.group.realm-name.basedn in the exauth.properties file and

search the attributes of nested groups of the authorization groups

User account management150