HP Storage Essentials V5.1 Installation Guide Second Edition (Linux Release) (T4283-96055, November 2006)
Storage Essentials 5.1 Installation Guide 297
7. If you want the password to be saved in the management server database, change the value of
the <ShadowPassword> tags to true, as shown in the following example:
<ShadowPassword>true</ShadowPassword>
Saving the passwords in the management server database lets a user still log into the
management server if the management server is changed back to local mode. This, however, is
not recommended as it defeats the purpose of externalizing a user's credentials.
The login-handler.xml file contains two sets of <ShadowPassword> tags: one for Active
Directory and one for LDAP. Make sure you change the value of the <ShadowPassword> tags
that are children of the <ActiveDirectory> tag.
8. If you want the user name to be case sensitive, change the value of the
<CaseSensitiveUserName> tag to true, as shown in the following example:
<CaseSensitiveUserName>true</CaseSensitiveUserName>
If you change the value of <CaseSensitiveUserName> to true, the management server
becomes case-sensitive to user names. The management server sees MyUserName and
myusername as different users.
IMPORTANT: AD servers are not case sensitive for user names so changing this tag to
“true” for AD authentication is not recommended.
The login-handler.xml file contains two sets of <CaseSensitiveUserName> tags: one
for Active Directory and one for LDAP. Make sure you change the value of the
<CaseSensitiveUserName> tags that are children of the <ActiveDirectory> tag.
9. Provide the Active Directory search base in which you want the management server to look up
AD/LDAP user attributes. Allow no spaces between commas and put in all components of fully
qualified domain name, for example, hds.usa.com would be DC=hds,DC=usa,DC=com.
The search base is used to specify the starting point for the search. It points to a distinguished
name of an entry in the directory hierarchy.
<SearchBase> dc=MyCompanyName,dc=COM</SearchBase>
10.Save the login-handler.xml file with your changes.
The following is an example of a modified login-handler.xml file for use with AD server
authentication. Underlined text is information that was modified:
<?xml version="1.0" encoding="ISO-8859-1"?>
<LoginHandler>
<AdminAccountName>domain\primaryuser</AdminAccountName>
<!-- for the default, using database for authentication -->
<!--LoginHandlerClass>com.appiq.security.server.BasicLoginHandler</LoginHan
dlerClass-->
<!--LoginHandlerType>Default</LoginHandlerType-->
<!-- uncomment the following to enable Active Directory login-->
<LoginHandlerClass>com.appiq.security.server.ActiveDirectoryLoginHandler</L
oginHandlerClass>
<LoginHandlerType>ActiveDirectory</LoginHandlerType>
<ActiveDirectory>
<PrimaryServer port="389">IP address of Primary Domain
Controller</PrimaryServer>
<SecondaryServer>IP Address of Secondary Domain Controller
</SecondaryServer>
<ssl>false</ssl>