HP-UX AAA Server A.07.01 Administrator's Guide
NOTE: The following procedures are required if your user entries are using attributes
defined in the aaaPerson object class. If you are only storing user profiles based on the
core LDAP inetOrgPerson object class (to retrieve the user ID and password), the
following procedures are not necessary.
The HP-UX AAA Server LDAP Schema
The HP-UX AAA Server LDAP schema consists of the aaaPerson object class and a
set of LDAP attributes used by aaaPerson. Note that while the AAA LDAP schema
is not mandatory, it is useful for providing commonly used RADIUS functionality.
The following LDAP attributes are included in the AAA Server LDAP Schema:
Table 17-1 The HP-UX AAA Server LDAP Schema

LDAP Attribute    Description
aaacheck          RADIUS Check items in A-V pair string format.
aaadeny           RADIUS Deny items in A-V pair string format.
aaareply          RADIUS Reply attributes in A-V pair string format.
user-id           User name*.
user-password     User password. If not present, userpassword from inetOrgPerson
                  is used.

* Can be specified by entering User-ID as the search filter in the LDAP client
configuration in the AAA Server manager. If no search filter is specified, the uid
attribute of the inetOrgPerson object class is used.
LDIF files are a text-based representation of LDAP data, and are used to import data
into, and export data from, an LDAP directory.
The following is an example of an LDIF entry for an AAA Server user profile:
# User entry for deshen; the aaaperson object class carries the RADIUS profile attributes
dn: uid=deshen,ou=Groups,dc=chicago,dc=example,dc=com
objectclass: top
objectclass: aaaperson
cn: depakshen
sn: shen
uid: deshen
userpassword: mypass
# aaareply is multi-valued: each value is one A-V pair returned to the client
aaareply: Reply-Message="Hello, deshen"
aaareply: Session-Timeout=60
# Check item the incoming request must match
aaacheck: NAS-Identifier="localnet"
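To show how the aaacheck/aaareply values above are consumed, here is an added example (not HP code) that parses an LDIF entry, splits each A-V pair string, and evaluates a request against the profile. The sample entry is constructed from the one above (with the attribute spelled NAS-Identifier); the matching rule assumed is that every check item must match and any matching deny item rejects.

```python
import re

# Constructed sample LDIF entry modelled on the guide's example (not a real export).
SAMPLE_LDIF = """dn: uid=deshen,ou=Groups,dc=chicago,dc=example,dc=com
objectclass: top
objectclass: aaaperson
cn: depakshen
sn: shen
uid: deshen
userpassword: mypass
aaareply: Reply-Message="Hello, deshen"
aaareply: Session-Timeout=60
aaacheck: NAS-Identifier="localnet"
"""

def parse_ldif_entry(text):
    """Parse one LDIF entry into {attribute: [values]}; handles folded lines, plain values only."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:      # LDIF continuation line
            lines[-1] += raw[1:]
        elif raw.strip():
            lines.append(raw)
    entry = {}
    for line in lines:
        name, _, value = line.partition(":")
        entry.setdefault(name.strip().lower(), []).append(value.strip())
    return entry

def parse_av_pair(s):
    """Split 'Attr=Value' or 'Attr="quoted value"' into (attr, value)."""
    m = re.fullmatch(r'\s*([\w-]+)\s*=\s*(?:"([^"]*)"|(\S+))\s*', s)
    if not m:
        raise ValueError(f"malformed A-V pair: {s!r}")
    return m.group(1), m.group(2) if m.group(2) is not None else m.group(3)

def profile_from_entry(entry):
    """Build the RADIUS profile from the aaaPerson attributes (assumed semantics)."""
    return {kind: dict(parse_av_pair(v) for v in entry.get("aaa" + kind, []))
            for kind in ("check", "deny", "reply")}

def evaluate_request(profile, request):
    """Return (accept, reply_attrs): all check items must match; any deny match rejects."""
    for attr, want in profile["check"].items():
        if request.get(attr) != want:
            return False, {}
    for attr, want in profile["deny"].items():
        if request.get(attr) == want:
            return False, {}
    return True, dict(profile["reply"])
```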
Authentication with LDAP 205