HP-UX AAA Server A.08.02 Administrator's Guide
6. In the User Storage Parameters Field, select New LDAP Directory or the name of an existing
LDAP Directory.
7. In the LDAP screen that appears, configure the LDAP directory using the information described
in Table 16.
Table 16 Values for Configuring Realms for LDAP

Value
    Description

Directory Name
    Start of a directory configuration. Give a name to the directory, which can
    be an arbitrary string. If the name contains spaces or tabs, the string must be
    enclosed in single or double quotes.

Host
    Name of the host on which the LDAP directory server runs. The value must be
    a fully qualified DNS name, although an IP address also works. Both traditional
    IP (IPv4) and IPv6 address formats are supported. The HP-UX AAA Server can
    resolve DNS name format entries to IPv4 and IPv6 addresses.
    Enter an IPv4 address in dotted-quad notation. Enter an IPv6 address in IPv6
    Literal format notation. For example:
    IPv4 address — 192.0.2.0
    IPv6 address — fedc:ba98:7654:3210

Port (Optional)
    Port number on which the directory server is running. Default value is 389.

Use SSL
    Enables or disables SSL connections between the HP-UX AAA Server and the
    LDAP directory. If you are enabling SSL, you must specify the server's CA
    certificate path or fully qualified file name in the Server Properties -> ProLDAP
    Properties window.

Administrator
    Special user ID used when an authenticated search is allowed on the LDAP
    directory server. This administrator does not need to be a real administrator
    of the LDAP directory server, but must have read access to all the users (and
    their passwords). Intended to be authenticated by the AAA server.

Password
    Password for Administrator to bind (authenticate) itself to the LDAP directory
    server.

Search Base
    Pointer into the directory where the search for users in a realm starts.
    Specifying a search base improves server performance by limiting the scope
    of search operations on user information for a particular realm. A search base
    contains a list of A-V pairs that trace a path from a location in the directory's
    schema to the top of the directory. For example, a search base of o=hp,
    c=US represents a search for one of the users on the following tree:

                     c=US
                      |
                     o=hp
          ____________|____________________
          |           |          |         |
       uid=Joe     uid=Bob    uid=Dawn  uid=Maria

    The A-V pairs used depend on the schema of your particular directory server.
    NOTE: It is more efficient to start your search lower in the directory structure
    rather than higher. HP recommends that you eliminate spaces between Search
    Base components (i.e., instead of ou=abc,o=cde, c=us, use
    ou=abc,o=cde,c=us).

Filter
    Filter flag allows authentication to be based either on the LDAP uid attribute,
    which normally is CIS, or on the AAA Server User-Id attribute, which is
    normally BIN. User-Id is a AAA Server-specific RADIUS attribute. This optional
    flag defaults to uid.
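
An added example, not part of the HP guide: a Python pre-check of the Table 16 values before they are entered in the LDAP screen. The dictionary keys mirror the table's field names; the "CA Certificate" key, the sample values and the function names are assumptions of this example, not an HP-UX AAA Server file format or API.

```python
import re

def normalize_search_base(base):
    """Remove spaces around the commas that separate A-V pairs (escaped commas kept)."""
    pairs = []
    for part in re.split(r"(?<!\\),", base):        # split on unescaped commas only
        attr, sep, value = part.strip().partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"not an attribute=value pair: {part!r}")
        pairs.append(f"{attr.strip()}={value.strip()}")
    return ",".join(pairs)

def check_directory(cfg):
    """Return (copy of cfg with Table 16 defaults applied, list of findings)."""
    out, findings = dict(cfg), []
    name = cfg.get("Directory Name", "")
    # Table 16: a name with spaces or tabs must be enclosed in quotes.
    if re.search(r"[ \t]", name) and not re.fullmatch(r"'[^']*'|\"[^\"]*\"", name):
        findings.append("Directory Name: contains spaces or tabs, enclose it in quotes")
    out["Port"] = int(cfg.get("Port") or 389)       # Table 16: default is 389
    if not 1 <= out["Port"] <= 65535:
        findings.append("Port: out of range")
    if cfg.get("Use SSL"):
        # "CA Certificate" stands for the path set under ProLDAP Properties (assumed key).
        if not cfg.get("CA Certificate"):
            findings.append("Use SSL: enabled but no CA certificate path is set")
    else:
        findings.append("Use SSL: disabled, connection to the directory is not encrypted")
    base = normalize_search_base(cfg["Search Base"])
    if base != cfg["Search Base"]:
        findings.append("Search Base: spaces between components removed")
    out["Search Base"] = base
    out["Filter"] = cfg.get("Filter") or "uid"      # Table 16: defaults to uid
    if out["Filter"] not in ("uid", "User-Id"):
        findings.append("Filter: must be uid or User-Id")
    return out, findings

# Constructed sample input, not taken from a real deployment.
SAMPLE = {
    "Directory Name": "hp users",
    "Host": "ldap.example.com",
    "Use SSL": False,
    "Search Base": "ou=abc,o=cde, c=us",
}

if __name__ == "__main__":
    normalized, problems = check_directory(SAMPLE)
    print(normalized["Search Base"], normalized["Port"], normalized["Filter"])
    for p in problems:
        print("-", p)
```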
78 Configuring Realms