HP-UX AAA Server A.08.02 Administrator's Guide
Table 16 Values for Configuring Realms for LDAP (continued)
Value | Description
IMPORTANT: With multiple LDAP directory servers, the Filter used for lookups must be consistent across all directories specified for a particular realm. Potential filters are uid, User-Id or some other key that uniquely identifies a subject to be authenticated on the system. Currently, the LDAP module does not enforce the use of consistent filters, but using inconsistent filters may produce unpredictable authentication failures.
Authentication Type
• AUTO performs a search as the configured Administrator (searches anonymously if no administrator is configured), anticipating that the password is in the result. It binds as the user if the password is not available. This mode makes the AAA server flexible in accommodating LDAP directories. If directories are configured to return passwords with search, AUTO is equivalent to SEARCH.
• BIND binds as the user for authentication.
• SEARCH performs a search as the configured Administrator and expects the user's password in the search result.
8. In the LDAP screen, click Save.
9. Repeat steps 6 and 7 for each redundant directory you wish to use for failover.
10. Complete any remaining optional fields as necessary for your configuration.
11. Click Create.
12. From the navigation tree, click Save Configuration.
If you have multiple remote servers, you will be prompted to select and confirm which servers you wish to add the entry to.
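The three Authentication Types (AUTO, BIND, SEARCH) and the Filter consistency note in Table 16 describe a decision procedure that can be modelled directly. The Python below is an added illustration, not code from the HP-UX AAA Server or from HP: it replaces the directory servers with a constructed in-memory FakeDirectory class (a real deployment would use an LDAP client library), and it assumes that for BIND the user's DN is first located with the realm's Filter before the server binds as that user. All DNs, entries and passwords are constructed sample data; the second directory deliberately keys users on User-Id instead of uid to show the failure the IMPORTANT note warns about.

```python
from dataclasses import dataclass, replace
from typing import Optional

PASSWORD_ATTR = "userPassword"


@dataclass
class FakeDirectory:
    """Constructed in-memory stand-in for one LDAP directory server.
    Assumption: a real deployment would use an LDAP client library instead."""
    name: str
    entries: dict                    # dn -> {attribute: value}
    returns_password: bool           # does a search by a bound admin return userPassword?
    admin_dn: Optional[str] = None   # configured Administrator; None = search anonymously
    admin_pw: Optional[str] = None
    available: bool = True           # False simulates an unreachable server

    def bind(self, dn, password):
        """Simple bind: anonymous (dn None), the administrator, or a user entry."""
        if dn is None:
            return True
        if dn == self.admin_dn:
            return password == self.admin_pw
        entry = self.entries.get(dn)
        return entry is not None and entry.get(PASSWORD_ATTR) == password

    def search(self, bound_as, filter_attr, value):
        """Return (dn, attrs) of the entry whose filter_attr equals value, or None.
        The password attribute is disclosed only to a non-anonymous bind on a
        directory configured to return it."""
        for dn, attrs in self.entries.items():
            if attrs.get(filter_attr) == value:
                visible = dict(attrs)
                if bound_as is None or not self.returns_password:
                    visible.pop(PASSWORD_ATTR, None)
                return dn, visible
        return None


def authenticate(d, auth_type, filter_attr, user_id, password):
    """Authenticate user_id/password against one directory with the realm's
    Authentication Type (AUTO, BIND or SEARCH). Returns (success, reason)."""
    if not d.available:
        return False, "unavailable"
    # Step 1: locate the entry as the configured Administrator (or anonymously).
    if not d.bind(d.admin_dn, d.admin_pw):
        return False, "admin-bind-failed"
    hit = d.search(d.admin_dn, filter_attr, user_id)
    if hit is None:
        return False, "no-entry"
    dn, attrs = hit
    # Step 2: SEARCH requires the password in the result; AUTO uses it if present.
    if auth_type == "SEARCH" or (auth_type == "AUTO" and PASSWORD_ATTR in attrs):
        if PASSWORD_ATTR not in attrs:
            return False, "search-no-password"
        return attrs[PASSWORD_ATTR] == password, "search-compare"
    # BIND, or AUTO with no password in the result: bind as the user's DN.
    return d.bind(dn, password), "user-bind"


def authenticate_realm(directories, auth_type, filter_attr, user_id, password):
    """Try the realm's redundant directories in order, failing over only when a
    server is unreachable. Returns (success, directory name, reason)."""
    last = (False, None, "no-directories")
    for d in directories:
        ok, reason = authenticate(d, auth_type, filter_attr, user_id, password)
        if reason == "unavailable":
            last = (False, d.name, reason)
            continue
        return ok, d.name, reason
    return last


# Constructed sample data: two redundant directories for a realm whose Filter is uid.
ADMIN = "cn=aaa,dc=example,dc=com"
PRIMARY = FakeDirectory(name="ldap1", returns_password=True,
                        admin_dn=ADMIN, admin_pw="admin-secret",
                        entries={"uid=alice,ou=people,dc=example,dc=com":
                                 {"uid": "alice", PASSWORD_ATTR: "alice-pw"}})
# The second directory keys users on User-Id rather than uid and does not hand
# passwords back to searches: an inconsistent Filter, as the IMPORTANT note warns.
SECONDARY = FakeDirectory(name="ldap2", returns_password=False,
                          admin_dn=ADMIN, admin_pw="admin-secret",
                          entries={"cn=alice,ou=people,dc=example,dc=com":
                                   {"User-Id": "alice", PASSWORD_ATTR: "alice-pw"}})


def demo():
    """Exercise each Authentication Type and the failover-with-inconsistent-filter case."""
    out = {
        "auto_primary": authenticate(PRIMARY, "AUTO", "uid", "alice", "alice-pw"),
        "auto_primary_wrong_pw": authenticate(PRIMARY, "AUTO", "uid", "alice", "wrong"),
        # SEARCH cannot succeed on a directory that withholds passwords...
        "search_secondary": authenticate(SECONDARY, "SEARCH", "User-Id", "alice", "alice-pw"),
        # ...but BIND (and AUTO falling back to a bind) still works there.
        "bind_secondary": authenticate(SECONDARY, "BIND", "User-Id", "alice", "alice-pw"),
        "auto_secondary": authenticate(SECONDARY, "AUTO", "User-Id", "alice", "alice-pw"),
    }
    # With ldap1 down, the realm's uid filter finds nothing on ldap2: a valid
    # user is rejected only while the primary is unreachable.
    outage = [replace(PRIMARY, available=False), SECONDARY]
    out["failover_inconsistent_filter"] = authenticate_realm(outage, "AUTO", "uid", "alice", "alice-pw")
    return out


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:32} -> {result}")
```

Two points the model makes visible: SEARCH (and AUTO on a directory that returns passwords) only works because the Administrator identity can read every user's password attribute, so that administrator credential needs the same protection as the passwords themselves, while BIND never requires the directory to disclose them; and the failover case shows why the Filter must match across redundant directories, since the rejection appears only during a primary outage and looks like a bad password from the user's side.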
Modifying a Directory Configuration
Complete the following steps to modify a directory configuration:
1. On the Local Realms screen, select the name of the directory definition you wish to modify.
2. Change the values if needed.
3. Click Modify.
Deleting a Directory Configuration
Complete the following steps to delete a directory configuration:
1. On the Local Realms screen, select the name of the directory definition you wish to delete.
2. Click Delete.
Tuning the AAA Server to LDAP Server Connection
The AAA server to LDAP server connection can be modified by adding the following entry to /etc/opt/aaa/aaa.config and then stopping and starting the server:
aatv.ProLDAP
{
Retry-Interval 60
Retry-Wait 1
Timeout 60
TCP-Timeout 3
Configuring Realms for Authentication using an External Server 79