Neoview User Management and Security Administration Guide (R2.5)

This parameter can occur only once in a configuration description file.

DomainAttributeFormat (Active Directory only)
This parameter is used to specify how to find the domain name in the attribute specified by
DomainAttribute. For example, AD has an attribute called UserPrincipalName (UPN), which
usually contains the user's name and the DNS name of the domain, as in
marychocolate@everest.rescorp.net
This parameter can be defined only in the default configuration or as a Common Parameter in
HPDM and has the format:
DomainAttributeFormat format
where the format specifies where the domain appears in the attribute value. For example,
DomainAttributeFormat *@domain.*
would mean that the domain name consists of all text between the first @ symbol and the
subsequent period. The asterisk (*) is a wildcard representing any number of characters.
This parameter can occur only once in a configuration description file. If you don't use
DomainAttribute, this parameter is not meaningful but will not result in an error message.
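
The matching rule described above, as an added illustration in Python (not code from this guide or from Neoview). The function names, the shortest-match treatment of the asterisk, and returning None for a value that does not fit the format are assumptions of this sketch; the two sample values are the ones used in this guide.

```python
import re

PLACEHOLDER = "domain"  # keyword that marks the domain, as in *@domain.*


def compile_domain_format(fmt):
    """Translate a DomainAttributeFormat string into a compiled regex.

    '*' matches any run of characters (shortest match, so each literal binds
    to its first occurrence); 'domain' marks the text that is captured.
    """
    if fmt.count(PLACEHOLDER) != 1:
        raise ValueError("format must contain 'domain' exactly once")
    parts = []
    for token in re.split(r"(\*|domain)", fmt):
        if token == "*":
            parts.append(".*?")
        elif token == PLACEHOLDER:
            parts.append("(?P<domain>.+?)")  # an empty domain never matches
        elif token:
            parts.append(re.escape(token))   # '@', '.', etc. taken literally
    return re.compile("".join(parts), re.DOTALL)


def extract_domain(fmt, attribute_value):
    """Return the domain found in attribute_value, or None if it does not fit.

    Returning None (instead of guessing a default) lets the caller reject the
    logon when the attribute does not have the configured shape.
    """
    match = compile_domain_format(fmt).fullmatch(attribute_value)
    return match.group("domain") if match else None


if __name__ == "__main__":
    fmt = "*@domain.*"
    for upn in ("marychocolate@everest.rescorp.net",
                "ScottJames@USA.bellwether.com",
                "ScottJames"):               # no '@': does not fit the format
        print(upn, "->", extract_domain(fmt, upn))
```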

Configuration Description Examples
The following examples illustrate the use of various parameters in the configuration description
file.

openLDAP Example
In this example, a user who logs on as Scott James has the following DN:
cn=Scott James,ou=users,dc=bellwether,dc=com
If all users have DNs in this format, the configuration description file for the default configuration
could look like this:
directorybase dc=bellwether,dc=com
uniqueidentifier cn,ou=users
No separate configuration description file is needed for any individual directory server. When
Scott James logs on:
1. The LDAP daemon attempts to contact the NeoviewDirectoryServer with the highest usage
priority. If that server is unavailable, the LDAP daemon contacts the NeoviewDirectoryServer
with the next highest priority.
2. After connecting successfully, the LDAP daemon binds to the LDAP server, presenting
Scott's complete DN, constructed by concatenating the uniqueidentifier with the
directorybase, and the password Scott entered in his logon request.
3. The LDAP server either authenticates Scott's credentials or replies with an authentication
failure.

Active Directory Example
In this example, a user who logs on as USA\ScottJames has the following DN:
cn=Scott James,ou=users,dc=USA,dc=bellwether,dc=com
His user and domain names are stored in the attribute userPrincipalName as
ScottJames@USA.bellwether.com.