HP Storage Essentials V5.1 Installation Guide Second Edition (Linux Release) (T4283-96055, November 2006)
Managing Security
• 389 is the port on which LDAP is running on the server.
6. If you want the password to be saved in the management server database, change the value of
the <ShadowPassword> tags to true, as shown in the following example:
<ShadowPassword>true</ShadowPassword>
Saving the passwords in the management server database lets a user still log into the
management server if the management server is changed back to local mode. This, however, is
not recommended as it defeats the purpose of externalizing a user's credentials.
The login-handler.xml file contains two sets of <ShadowPassword> tags: one for Active
Directory and one for LDAP. Make sure you change the value of the <ShadowPassword> tags
that are children of the <LDAP> tags.
7. If you want the user name to be case sensitive, change the value of the
<CaseSensitiveUserName> tag to true, as shown in the following example:
<CaseSensitiveUserName>true</CaseSensitiveUserName>
If you change the value of <CaseSensitiveUserName> to true, the management server
becomes case-sensitive to user names. The management server sees MyUserName and
myusername as different users.
The login-handler.xml file contains two sets of <CaseSensitiveUserName> tags: one for
Active Directory and one for LDAP. Make sure you change the value of the
<CaseSensitiveUserName> tags that are children of the <LDAP> tags.
8. Provide the LDAP search base in which you want the management server to look up AD/LDAP
user attributes. Do not put spaces after the commas, and include every component of the fully
qualified domain name; for example, hds.usa.com becomes DC=hds,DC=usa,DC=com.
The search base is used to specify the starting point for the search. It
points to a distinguished name of an entry in the directory hierarchy.
<SearchBase>CN=$NAME$,dc=MyCompanyName,dc=COM</SearchBase>
or:
<SearchBase>CN=$NAME$,OU=NetworkAdministration,dc=MyCompanyName,ou=US,dc=COM</SearchBase>
In the second example, the management server searches only those users in the company who
are part of the NetworkAdministration organization (OU=NetworkAdministration) and in the
United States (ou=US).
IMPORTANT: Different LDAP implementations may use different keynames for CN. The
appropriate key should be specified in login-handler.xml. Refer to the documentation
for your LDAP server to determine how to obtain the appropriate keyname. Your keyname
may start with uid instead of CN, for example:
uid=$NAME$,ou=<Optional org unit if applicable>,dc=windows,dc=hp,dc=com
9. Save the login-handler.xml file.
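Before restarting with the edited file, the settings from steps 6 through 8 can be checked mechanically. The following Python sketch is an added example, not part of the HP guide or product. It reads only the children of <LDAP>, reports the ShadowPassword and CaseSensitiveUserName values, and checks the search base for spaces next to commas and for missing domain components. The <ActiveDirectory> element name, the placement of <SearchBase> under <LDAP>, and the sample file are assumptions constructed for the example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample. Element names inside <LDAP> are from the guide; the
# <ActiveDirectory> name and <SearchBase> being a child of <LDAP> are assumptions.
SAMPLE = b"""<?xml version="1.0" encoding="ISO-8859-1"?>
<LoginHandler>
  <ActiveDirectory>
    <ShadowPassword>false</ShadowPassword>
    <CaseSensitiveUserName>true</CaseSensitiveUserName>
  </ActiveDirectory>
  <LDAP>
    <ShadowPassword>true</ShadowPassword>
    <CaseSensitiveUserName>false</CaseSensitiveUserName>
    <SearchBase>CN=$NAME$,OU=NetworkAdministration, dc=MyCompanyName,dc=COM</SearchBase>
  </LDAP>
</LoginHandler>"""

def fqdn_to_dc(fqdn):
    """hds.usa.com -> DC=hds,DC=usa,DC=com (every component, no spaces)."""
    return ",".join("DC=" + part for part in fqdn.strip(".").split("."))

def audit_ldap_section(xml_bytes, fqdn):
    """Return findings for the settings that are children of <LDAP> only."""
    ldap = ET.fromstring(xml_bytes).find("LDAP")
    if ldap is None:
        return ["LDAP: element not found"]
    flag = lambda tag: (ldap.findtext(tag) or "").strip().lower() == "true"
    findings = []
    if flag("ShadowPassword"):
        findings.append("ShadowPassword: true, passwords are also saved in the management server database")
    if flag("CaseSensitiveUserName"):
        findings.append("CaseSensitiveUserName: true, MyUserName and myusername are different users")
    base = (ldap.findtext("SearchBase") or "").strip()
    if "$NAME$" not in base:
        findings.append("SearchBase: no $NAME$ placeholder")
    if re.search(r"\s,|,\s", base):
        findings.append("SearchBase: whitespace next to a comma")
    # Simplification: splits on every comma, so escaped commas (\,) in values are not handled.
    rdns = [rdn.partition("=") for rdn in base.split(",")]
    dcs = [value.strip().lower() for key, _, value in rdns if key.strip().lower() == "dc"]
    if dcs != fqdn.lower().strip(".").split("."):
        findings.append("SearchBase: DC components do not spell " + fqdn_to_dc(fqdn))
    return findings

if __name__ == "__main__":
    for finding in audit_ldap_section(SAMPLE, "mycompanyname.com"):
        print(finding)
```

On the constructed sample, the check reports the LDAP ShadowPassword setting and the space after a comma in the search base. The CaseSensitiveUserName value under the Active Directory block is ignored.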
The following is an example of a modified login-handler.xml file for use with an LDAP
server. Underlined text is information that was modified:
<?xml version="1.0" encoding="ISO-8859-1"?>
<LoginHandler>
<AdminAccountName>domain\admin</AdminAccountName>