Neoview User Management and Security Administration Guide (R2.5)

4 LDAP Server Configuration on Neoview
You can configure the Neoview security infrastructure to communicate with any number of
external LDAP servers. HPDM is the preferred interface for configuring the servers because the
interface prevents certain kinds of configuration errors. However, you can also use
NCI commands.
To enable the Neoview platform to communicate with an LDAP server, you must:
1. Create a configuration description file for the LDAP server configuration if you will use NCI
for configuration. If you will use HPDM, you need not create a file, but you do need to
understand the corresponding parameters so you can enter appropriate values in the HPDM
dialogs you use to define directory servers.
2. Obtain a certificate from a Certificate Authority if you wish to use the Secure Sockets Layer
(SSL) or Transport Layer Security (TLS) protocol for communication between the Neoview platform
and the external LDAP server.
3. Use a set of HPDM dialogs or a set of commands from the Neoview Command Interface
(NCI) to register the LDAP server on the Neoview platform.
This chapter describes the first and third of these tasks, which are specific to Neoview. For more
detailed information about the HPDM dialogs, see the HPDM Online Help.
NOTE: In many cases, you will have to define multiple LDAP servers. For example, if your
company uses Active Directory with multiple domains, you must configure the global catalog
server and each domain controller that has users who need access to the Neoview database.
Before performing the tasks described in this chapter, you or some other user must already have
completed the post-installation security setup tasks indicated in the “Security Administration
Task Map” (page 29) and described in “Post-installation Security Setup Tasks” (page 33).
Common and Server-Specific Configuration Parameters
In addition to the parameters needed for the Neoview platform to connect to a specific directory
server—parameters such as the host name, port number, and the encryption protocol to use for
connection—you will need to specify parameters that govern LDAP search behavior, for example
a parameter that specifies the part of the DN that uniquely identifies the user on that directory
server. Some of these parameters related to searches are likely to be common across directory
servers or domains, whereas others might vary from server to server or domain to domain.
For example, the parameter UserIdentifierFormat, which specifies how user and domain
names appear in the logon string, is not required to be specified at all, but if you specify it, it
must have the same value for all servers. The parameter UniqueIdentifier, which specifies
the part of the DN that uniquely identifies the user, could in theory be different on different
servers or in different domains.
To make the distinction between shared parameters and server or domain-specific parameters,
HPDM uses the terms Common Parameters and simply Parameters in the various server
configuration dialogs. NCI has the concept of a default configuration. Both the Common
Parameters in HPDM and the default configuration in NCI can include not only parameters
that must be common across servers but also, optionally, values to use by default if no value is
specified when an individual server is configured.
If you use both HPDM and NCI at different times to manage the server configurations, changes
that you make in the Common Parameters part of an HPDM dialog affect the default server
configuration, and conversely, if you use NCI to alter a server configuration, specifying a new
default configuration file, the values in that file will overwrite the values you specified earlier
as Common Parameters in HPDM.
Common and Server-Specific Configuration Parameters 67