Neoview User Management and Security Administration Guide (R2.5)

The default configuration provided with the Neoview platform does not provide an initial
value. You may use the ALTER SERVER command for a particular server to specify the
appropriate configuration description file name, or identify a default by specifying default
as the domain name.
Encryption
Indicates whether a Transport Layer Security (TLS) or Secure Sockets Layer (SSL) interface
is used for access to this LDAP server.
Permissible values are as follows:
SSL means to use SSL.
TLS means to use TLS.
NONE means to use neither TLS nor SSL. In this case, communications between the
Neoview platform and the LDAP server will not be encrypted.
The value you supply must be consistent with the configuration of the port on the remote
LDAP server.
If you use TLS or SSL, you must provide the filename of a CA certificate as the value of
CAcert.
The initial value in the default configuration, as provided with the software release, is NONE.
However:
In NCI, you can use the ALTER SERVER command to specify a different value for any
server or domain; to specify a default value, use the ALTER SERVER command specifying
default as the domain name.
HPDM lets you specify the encryption option for every server you define. If you do not
specify a value, the default value is NONE.
CAcert
The name of a text file that contains a certificate obtained from a directory Certification
Authority (CA). This certificate is used as the digital signature for the connection between
the LDAP daemon and the LDAP server. This attribute is required if the Encryption attribute
has a value prescribing the use of SSL or TLS.
The filename indicates the path to a text file on the workstation. That file must exist and can
contain a maximum of 4096 characters. If you specify a relative pathname, NCI or HPDM
looks for the file in the current working directory of the user.
If you specify this value in the INFO SERVER command, the contents of the file are
overwritten. If you do not specify it, the contents of the certificate are written to standard
output.
The default configuration does not provide an initial value. However:
In NCI, you can use the ALTER SERVER command to specify a different value for any
server or domain; to specify a default value, use the ALTER SERVER command specifying
default as the domain name.
HPDM lets you specify the certificate for every server you define. You must specify a
certificate if you specified SSL or TLS as the Encryption Option. You can either import
a file or paste the contents into a text box in the Add Directory Server or Edit Directory
Server dialog.
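The Encryption and CAcert rules above can be checked on the workstation before a server entry is defined. The following Python sketch is an added example, not part of the guide or of the Neoview software; the function name check_server_entry is hypothetical, and it assumes the CA certificate is PEM-encoded, which the guide does not state.

```python
import base64
import os
import re
import tempfile

MAX_CACERT_CHARS = 4096  # file size limit stated in the guide
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s+(.*?)\s*-----END CERTIFICATE-----", re.S)


def check_server_entry(encryption, cacert_path=None, cwd=None):
    """Return a list of findings for one directory server entry."""
    enc = (encryption or "NONE").upper()  # NONE is the shipped default
    if enc not in ("SSL", "TLS", "NONE"):
        return [f"Encryption must be SSL, TLS or NONE, got {encryption!r}"]
    if enc == "NONE":
        return ["warning: Encryption is NONE, LDAP traffic is not encrypted"]
    if not cacert_path:
        return [f"Encryption {enc} requires a CAcert file"]
    # A relative path is looked up in the user's current working directory.
    path = os.path.join(cwd or os.getcwd(), cacert_path)
    if not os.path.isfile(path):
        return [f"CAcert file not found: {path}"]
    with open(path, encoding="ascii", errors="replace", newline="") as fh:
        text = fh.read()
    findings = []
    if len(text) > MAX_CACERT_CHARS:
        findings.append(
            f"CAcert is {len(text)} characters, limit is {MAX_CACERT_CHARS}")
    # Assumption: PEM encoding; the guide only says "text file".
    blocks = PEM_RE.findall(text)
    if len(blocks) != 1:
        findings.append(f"expected one PEM certificate, found {len(blocks)}")
    for body in blocks:
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            findings.append("certificate body is not valid base64")
            continue
        if not der.startswith(b"\x30"):  # X.509 DER begins with a SEQUENCE
            findings.append("decoded certificate is not a DER SEQUENCE")
    return findings


if __name__ == "__main__":
    # Constructed placeholder, not a real certificate: SEQUENCE header + zeros.
    body = base64.b64encode(b"\x30\x82\x00\x3c" + bytes(60)).decode()
    pem = f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "ca.pem"), "w") as fh:
            fh.write(pem)
        print(check_server_entry("TLS", "ca.pem", cwd=d))
        print(check_server_entry("SSL"), check_server_entry(None))
```

An empty list means the entry satisfies the rules in this section; it does not confirm that the certificate matches the remote LDAP server or that the Encryption value agrees with the server's port configuration.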
Directory Server Configuration Examples
The following examples show several different ways to configure LDAP servers on Neoview.
Single Server Configuration Entry
The following simple example defines a single directory server entry, which you could configure
either in NCI or in HPDM. A configuration like this might be typical for Sun LDAP or an
OpenLDAP-compliant directory.