Manualshelf

HP-UX AAA Server A.07.01 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX AAA Server (RADIUS) Software
919293949596979899100
Table 8-3 Values for Configuring Realms for LDAP (continued)
DescriptionValue
Filter flag allows authentication to be based either on the LDAP uid
attribute, which normally is CIS, or on the AAA Server User-Id
Filter
attribute, which is normally BIN. User-Id is a AAA Server-specific
RADIUS attribute. This optional flag defaults to uid.
IMPORTANT: With multiple LDAP directory servers, the Filter
used for lookups must be consistent across all directories specified
for a particular realm. Potential filters are uid, User-Id or some other
key that uniquely identifies a subject to be authenticated on the
system. Currently, the LDAP module does not enforce the use of
consistent filters, but using inconsistent filters may produce
unpredictable authentication failures.
Authentication Type AUTO performs a search as the configured Administrator
(searches anonymously if no administrator is configured),
anticipating the password is in the result. It binds as the user if
the password is not available. This mode makes the AAA server
flexible in accommodating LDAP directories. If directories are
configured to return passwords with search, AUTO is equivalent
to SEARCH.
BIND binds as the user for authentication.
SEARCH performs a search as the configured Administrator and
expects the user's password in the search result.
8. In the LDAP screen, click Save.
9. Repeat steps 6 and 7 for each redundant directory you wish to use for failover.
10. Complete any remaining optional fields as necessary for your configuration.
11. Click Create.
12. From the navigation tree, click Save Configuration
If you have multiple remote servers you will be prompted to select and confirm
which servers you wish to add the entry to.
Modifying a Directory Configuration
Complete the following steps to modify a directory configuration:
1. On the Local Realms screen, select the name of the directory definition you wish
to modify.
2. Change the values if needed.
3. Click Modify.
Deleting a Directory Configuration
Complete the following steps to delete a directory configuration:
98 Configuring Realms