HP XP P9000 Command View Advanced Edition Suite Software 7.6.1-00 Administrator Guide
Figure 28 Example of the flat model
The user entities enclosed by the dotted line can be authenticated. In this example, BaseDN is
ou=people,dc=example,dc=com, because all of the user entries are located just below
ou=people.
Note, however, that even if the flat model is being used, if either of the following conditions is satisfied,
specify the settings by following the explanation for the hierarchical structure model:
• If a user attribute value other than the RDN attribute value is used as the user ID of a P9000
Command View AE Suite product:
If a user attribute value other than the RDN attribute value (for example, the Windows logon ID)
of a user entry is used as the user ID of a P9000 Command View AE Suite product, you must use
the authentication method for the hierarchical structure model.
• If the RDN attribute value of a user entry includes an invalid character that cannot be used in a
user ID for a P9000 Command View AE Suite product:
When using the authentication method for the flat model, the RDN attribute value of a user entry
functions as the user ID for P9000 Command View AE Suite products. Therefore, if the RDN attribute
value of a user entry includes an invalid character that cannot be used in a user ID of a P9000
Command View AE Suite product, you cannot use the authentication method for the flat model.
Example of a valid RDN:
uid=John123S
cn=John_Smith
Example of an invalid RDN:
uid=John:123S (A colon is used.)
cn=John Smith (A space is used between John and Smith.)
About the BaseDN
BaseDN is the start point for searching for users during authentication or authorization.
Only user entries in the hierarchies below BaseDN are subject to authentication or authorization. In
P9000 Command View AE Suite products, user entries must contain all of the users to be authenticated
or authorized. BaseDN is required when registering information about the LDAP directory server on
the management server.
Administrator Guide 125