HP-UX AAA Server A.08.02 Administrator's Guide
21 LDAP Authentication
The Lightweight Directory Access Protocol (LDAP) authentication type provides a method for storing
user profiles on an LDAP server. LDAP servers are useful when managing a large number of user
profiles.
NOTE: You can download Red Hat/Netscape Directory Server for HP-UX from
www.software.hp.com.
LDAP Server Compatibility
The HP-UX AAA Server is designed to interoperate with LDAP Version 3 compliant directories.
Refer to the HP-UX AAA Server Release Notes on the Internet and Security Solutions page at
http://docs.hp.com to see the directory suppliers and versions that are currently certified with the
HP-UX AAA Server.
Related LDAP Documentation
This LDAP documentation assumes that you are familiar with LDAP server management and
configuration.
For more information on the Red Hat/Netscape Directory Server for HP-UX, go to the Internet and
Security Solutions page at http://docs.hp.com.
For more information on the OpenLDAP Server, including information on downloading the software,
go to the Internet Express for HP-UX page at www.hp.com/go/internetexpress.
Authentication with LDAP
The HP-UX AAA Server can use one or more LDAP servers to retrieve user profile information, to
authenticate the user directly with LDAP by attempting an LDAP directory bind operation with the
user's credentials, or both.
You can specify LDAP authentication on a per realm basis. Each realm can be configured with up
to four redundant LDAP directories, which are used by the server when it performs load balancing
and failover.
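As an added illustration of the search-then-bind flow described above (this is not HP-UX AAA Server code): a small Python model in which a constructed in-memory directory stands in for the LDAP server, so it runs offline; the realm base DN, user entries and directory names are assumed values. It also carries the caveat a practitioner needs here: an LDAP simple bind with an empty password is an anonymous bind and succeeds on a standards-conforming server, so the password must be checked before it is forwarded to the directory.

```python
"""Model of bind-based LDAP authentication with per-realm failover.

Constructed example, not HP-UX AAA Server code. FakeDirectory stands in
for an LDAP server; DNs and user entries are assumed sample values.
"""
from dataclasses import dataclass, field


class DirectoryDown(Exception):
    """Raised when a directory cannot be reached (drives failover)."""


@dataclass
class FakeDirectory:
    """Minimal stand-in for one LDAP directory: dn -> userPassword."""
    name: str
    entries: dict = field(default_factory=dict)
    up: bool = True

    def search_uid(self, base_dn, uid):
        """Return the DN of the entry with this uid under base_dn, or None."""
        if not self.up:
            raise DirectoryDown(self.name)
        dn = f"uid={uid},{base_dn}"
        return dn if dn in self.entries else None

    def simple_bind(self, dn, password):
        """Mimic LDAP simple bind. An empty password is an anonymous bind
        (RFC 4513 section 5.1.2) and succeeds whatever DN was supplied."""
        if not self.up:
            raise DirectoryDown(self.name)
        if password == "":
            return True  # anonymous bind: "succeeds" but proves nothing
        return self.entries.get(dn) == password


def authenticate(directories, base_dn, uid, password):
    """Search for the user's DN, then bind with the user's own credentials.

    Tries up to four redundant directories in order, moving to the next
    only when a directory is unreachable. Returns True on a real bind.
    """
    if not password:
        # Never forward an empty password: the directory would answer the
        # anonymous bind with success and the user would be let in.
        return False
    for directory in directories[:4]:  # per-realm limit given in the guide
        try:
            dn = directory.search_uid(base_dn, uid)
            if dn is None:
                return False  # unknown user: no reason to fail over
            return directory.simple_bind(dn, password)
        except DirectoryDown:
            continue  # try the next redundant directory
    raise DirectoryDown("all configured directories unreachable")
```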
Configuring the LDAP Server
On the machine hosting the LDAP server, LDAP configuration files must be modified or created to
implement authorization. Because the AAA Server passes user credentials to the directory in each
bind operation, install the LDAP Server on the same machine as the HP-UX AAA Server for security
reasons. Alternatively, place both servers on the same secure network, or secure the connection
between them with LDAP over SSL.
NOTE: The following procedures are required if your user entries are using attributes defined in
the aaaPerson object class. If you are only storing user profiles based on the core LDAP
inetOrgPerson object class (to retrieve the user ID and password), the following procedures
are not necessary.
The HP-UX AAA Server LDAP Schema
The HP-UX AAA Server LDAP schema consists of the aaaPerson object class and a set of LDAP
attributes utilized by aaaPerson. Note that while the AAA LDAP schema is not mandatory, it is
useful for providing commonly used RADIUS functionality.
The following LDAP attributes are included in the AAA Server LDAP Schema: