Neoview User Management and Security Administration Guide (R2.5)

password, and the third is the brace that the ODBC driver will interpret as a delimiter and strip
off.
If you want the password to be    Use this value in the connection string
{4mica1]}                         “PWD={{4mica1]}}};”
fOrB3}4&                          “PWD={fOrB3}}4&};”
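The quoting rule behind the two rows above, as an added example that is not part of the Neoview guide: the password is wrapped in braces and each } inside it is doubled. The function names, and the minimal parser that stands in for the ODBC driver, are assumptions made for illustration.

```python
# Added example (not from the guide): brace-quoting a password for the PWD
# attribute of an ODBC connection string. Function names are hypothetical.

def quote_pwd(password: str) -> str:
    """Build the PWD attribute: wrap the value in { } and double every '}'
    so the driver does not take it for the closing delimiter."""
    return "PWD={" + password.replace("}", "}}") + "};"


def unquote_pwd(attribute: str) -> str:
    """Recover the password the way a driver-side parser would (assumed model).

    '}}' is read as a literal '}'; a single '}' ends the value. Malformed
    input raises ValueError rather than yielding a silently altered password.
    """
    prefix = "PWD={"
    if not attribute.startswith(prefix):
        raise ValueError("expected a brace-quoted PWD attribute")
    out = []
    i = len(prefix)
    while i < len(attribute):
        ch = attribute[i]
        if ch == "}":
            if attribute[i + 1:i + 2] == "}":      # escaped brace
                out.append("}")
                i += 2
                continue
            # Closing delimiter: only ';' or end of string may follow it.
            if attribute[i + 1:] not in ("", ";"):
                raise ValueError("unescaped '}' inside password")
            return "".join(out)
        out.append(ch)
        i += 1
    raise ValueError("missing closing brace")


if __name__ == "__main__":
    # The two passwords are the ones shown in the table above.
    for pwd in ("{4mica1]}", "fOrB3}4&"):
        attr = quote_pwd(pwd)
        print(f"{pwd!r:14} -> {attr!r:24} -> {unquote_pwd(attr)!r}")
```

A password whose } is left undoubled, such as PWD={fOrB3}4&};, is rejected by this parser instead of being cut short at the first brace.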
LDAP Search User Password
The Neoview LDAP daemon uses an additional password, called the LDAP search user password,
in communication with an LDAP server. The Security Administrator configures this password
(SearchUserPwd) and a corresponding DN (SearchUserDN) when configuring an LDAP
server on Neoview. These credentials come into play when a user logs on and the user's complete
distinguished name (DN) is not available. In this case, the Neoview LDAP daemon:
1. Presents the SearchUserDN and SearchUserPwd to the LDAP server as credentials for
searching the external LDAP directory for user entries.
2. Uses information from the user entry to construct a complete distinguished name (DN) for
the user.
3. Presents the user's DN and password to the LDAP server for authentication.
The LDAP daemon supports, but does not require, the use of Transport Layer Security (TLS) or
Secure Sockets Layer (SSL) with a server certificate for communication between the Neoview
platform and the remote LDAP server. If you choose the TLS or SSL option, all passwords and
other data passed between the LDAP daemon on Neoview and the LDAP server are encrypted.
NOTE: TLS is an enhanced version of SSL and provides a richer set of options.
For information about configuring the password and specifying the use of TLS or SSL for the
connection, see “LDAP Server Configuration on Neoview” (page 67).
Safe Support
The services ID (the SUPER.SERVICES role) has very limited access to objects in customer
schemas, unless you expressly grant the corresponding privileges to that role, using the SQL
GRANT command. For example, HP Support cannot create a table in any database schema that
you own unless you explicitly grant create privileges to the services ID. For a list of database
privileges available to HP Support, see “Database Privileges for Neoview Roles and Special
Users” (page 132).
Safe support rules apply not only to database objects but also to other operations that might
expose customer data. For example:
• Diagnostic tools and memory dumps that could expose application data are secured so the
  services ID does not, by default, have access to them. Only a user in the ROLE.SECMGR
  role can view or copy a memory dump.
• Customer data backed up to a server during Neoview backup and recovery operations is
  not accessible to HP Support personnel.
• By default, all database access is logged to the Neoview Repository. So is any command to
  enable or disable logging.
Please report to your account representative if:
• You need to give HP Support access to the SUPER.SUPER role to resolve a problem.
• You discover a security loophole that permits unintended access by the SUPER.SERVICES
  role.
28 Introduction to Security on the Neoview Platform