HP XP P9000 Command View Advanced Edition Suite Software 7.6.1-00 Administrator Guide
When performing user authentication on an LDAP directory server, check which data structure is being
used, because information about the LDAP directory server registered on the management server and
the operations you need to perform on the management server depend on the data structure.
In addition, when performing user authentication or authorization on an LDAP directory server, also
check BaseDN, which is the start point for searching for users. Only user entries that are in the
hierarchies below BaseDN are subject to authentication or authorization.
About the hierarchical structure model
A data structure in which the hierarchies below BaseDN branch off and in which user entries are
registered in another hierarchy.
If the hierarchical structure model is used, the entries in the hierarchy below BaseDN are searched
for an entry that has the same login ID and user attribute value. The following figure shows an example
of the hierarchical structure model.
Figure 27 Example of the hierarchical structure model
The user entries enclosed by the dotted line can be authenticated. In this example, BaseDN is
cn=group,dc=example,dc=com, because the target user entries extend across two departments
(cn=sales and cn=development).
About the flat model
A data structure in which there are no branches in the hierarchy below BaseDN and in which user
entries are registered in the hierarchy located just below BaseDN.
If the flat model is used, the entries in the hierarchy below BaseDN are searched for an entry that has
the DN that consists of a combination of the login ID and BaseDN. If such a value is found, the user
is authenticated. The following figure shows an example of the flat model.
User account management124