Setup and Install
Figure 3-17 Windows Active Directory authentication
HP DSS
server
LDAP server
Domain
controller
1. User credentials
(DSMP-encrypted)
6. Authentication user’s
e-mail address
3. Authentication result
(API-encrypted)
2. User credentials
(API-encrypted)
4. LDAP quer
y
5. Query re
sults
Determining the LDAP server bind method for Windows
By default, Active Directory is not configured to accept anonymous queries for information that is
contained in the Active Directory store. When an administrator configures LDAP addressing or
authentication, he or she must decide between changing Active Directory to accept anonymous
queries and configuring DSS to have authenticated access. If Active Directory is configured for
anonymous access, DSS can be configured to do an anonymous LDAP query. If Active Directory is
not configured for anonymous access, DSS must be configured for either Simple or SPNEGO
authentication. Because Active Directory supports SPNEGO for backward compatibility with Windows
clients, it is the preferred method for configuring DSS authentication. SPNEGO authentication uses
either Kerberos or NTLM, depending on the environment.
NOTE: The username and password that are used in the Simple method of authentication are
transmitted over the network in cleartext. This means that this information can be read by anyone
who has access to the data on the network.
To configure Active Directory Services for an anonymous LDAP query
1. Open the Active Directory Users & Computers Microsoft Management Console program.
2. Right-click the Users container and then select Properties.
3. Click the Security tab.
4. Click Add.
5. Select Everyone and then click Add.
6. Click OK.
7. Click Advanced.
72 Chapter 3 Installation and configuration ENWW