HP-UX AAA Server A.07.01 Administrator's Guide

17 LDAP Authentication
The Lightweight Directory Access Protocol (LDAP) authentication type provides a
method for storing user profiles on an LDAP server. LDAP servers are useful when
managing a large number of user profiles.
NOTE: You can download Red Hat/Netscape Directory Server for HP-UX from
www.software.hp.com.
LDAP Server Compatibility
The HP-UX AAA Server is designed to interoperate with LDAP Version 3 compliant
directories. Refer to the HP-UX AAA Server Release Notes at http://docs.hp.com on
the Internet and Security Solutions page to see the directory suppliers and versions
that are currently certified with the HP-UX AAA Server.
Related LDAP Documentation
This LDAP documentation assumes that you are familiar with LDAP server
management and configuration.
For more information on the Red Hat/Netscape Directory Server for HP-UX, go to the
Internet and Security Solutions page at http://docs.hp.com.
For more information on the OpenLDAP Server, including information on downloading
the software, go to the Internet Express for HP-UX page at
www.hp.com/go/internetexpress.
Authentication with LDAP
The HP-UX AAA Server can utilize one or more LDAP servers to retrieve user profile
information and/or to authenticate the user directly with LDAP by attempting an LDAP
directory bind operation using the user's credentials.
You can specify LDAP authentication on a per realm basis. Each realm can be configured
with up to four redundant LDAP directories, which are used by the server when it
performs load balancing and failover.
Configuring the LDAP Server
On the machine hosting the LDAP server, LDAP configuration files must be modified
or created in order to implement authorization. Because the HP-UX AAA Server passes
the user's credentials to the directory in the bind operation, install the LDAP
Server on the same machine as the HP-UX AAA Server. If that is not possible, keep
both servers on the same secure network, or protect the connection with LDAP/SSL.
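The bind-as-user flow described above, written out as an added example in Python; it is not the HP-UX AAA Server's own code, and the product's realm configuration and failover policy are not shown on this page. It goes slightly beyond the text by escaping the username per RFC 4514 before it is placed in the bind DN and by rejecting an empty password, which LDAP treats as an anonymous bind. The `bind` hook, the `uid=` naming and the base DN are assumptions.

```python
from typing import Callable, Sequence

MAX_DIRECTORIES = 4  # the guide allows up to four redundant directories per realm

class TransportError(Exception):
    """Directory unreachable or connection dropped: safe to try the next replica."""

class InvalidCredentials(Exception):
    """The directory rejected the bind: a definitive answer, never retried elsewhere."""

def escape_rdn_value(value: str) -> str:
    """Escape a user-supplied attribute value per RFC 4514 so it cannot extend the DN."""
    out = []
    for i, ch in enumerate(value):
        if ch in ',+"\\<>;=' or (ch == '#' and i == 0) or (ch == ' ' and i in (0, len(value) - 1)):
            out.append('\\' + ch)
        elif ord(ch) < 0x20:  # control characters (NUL included) as \XX hex pairs
            out.append('\\%02x' % ord(ch))
        else:
            out.append(ch)
    return ''.join(out)

def user_dn(username: str, base_dn: str) -> str:
    """Build the bind DN; 'uid' and base_dn are assumptions, not the product's schema."""
    return 'uid=%s,%s' % (escape_rdn_value(username), base_dn)

def authenticate(username: str, password: str, directories: Sequence[str],
                 bind: Callable[[str, str, str], None], base_dn: str) -> str:
    """Bind as the user against each ldaps:// directory in order; return the URL used.
    bind(url, dn, password) is a hypothetical hook standing in for a real LDAP client
    and raises TransportError or InvalidCredentials."""
    if len(directories) > MAX_DIRECTORIES:
        raise ValueError('a realm holds at most %d directories' % MAX_DIRECTORIES)
    if not password:
        # RFC 4513 treats a DN with an empty password as an unauthenticated (anonymous)
        # bind, which many directories accept; it must never count as a login.
        raise InvalidCredentials('empty password')
    dn = user_dn(username, base_dn)
    last_error = None
    for url in directories:
        if not url.startswith('ldaps://'):  # credentials leave this host: insist on LDAP/SSL
            raise ValueError('refusing cleartext directory %s' % url)
        try:
            bind(url, dn, password)
            return url
        except TransportError as err:  # failover; InvalidCredentials propagates at once
            last_error = err
    raise TransportError('no directory in the realm was reachable') from last_error
```

A rejected password is returned to the caller immediately rather than retried on the next replica, so one bad attempt is not counted several times by the directory's lockout policy.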
204 LDAP Authentication