Using Active Directory/LDAP for Authentication – HP Storage Essentials NAS Manager Software User Manual


Storage Essentials 5.1 User Guide 169

Using Active Directory/LDAP for Authentication

The management server supports external authentication through Active Directory (AD) and Lightweight Directory Access Protocol (LDAP) directory services. When you configure the management server to use external authentication, user credentials are no longer stored in the management server database. This configuration moves all security-related requirements, such as password expiration, resets, and complexity requirements, to the enterprise AD/LDAP infrastructure.

When a user attempts to log in to the management server, the management server verifies the user name and password against AD/LDAP. If AD/LDAP confirms that the user has the correct credentials, the management server allows the user access to the application.
Keep in mind the following:

• The login-handler.xml file contains configuration information for Active Directory and LDAP. It is important that you enable either Active Directory or LDAP. You cannot enable both.

• If you want to go back and forth between internal and external (AD/LDAP) authentication, rename the login-handler.xml file before you modify it. This way you can easily switch back to internal authentication by changing the file name back to login-handler.xml.

To use AD/LDAP to authenticate your users, complete the following sections:

• “Step 1 - Configure the Management Server to Use Active Directory or LDAP” on page 169

• “Step 2 - Restart the AppStorManager Service and Login as the Designated Admin Account” on page 176

• “Step 3 - Add Users to the Management Server” on page 177

• “Step 4 - Provide Login Information to Your Users” on page 177

Step 1 - Configure the Management Server to Use Active Directory or LDAP

You must modify the login-handler.xml file if you want to use Active Directory/LDAP. How you modify the login-handler.xml file depends on whether you plan to use LDAP or Active Directory.

See one of the following sections, depending on whether you want to use Active Directory or LDAP:

• “Active Directory” on page 169

• “LDAP” on page 173

Active Directory

By default, Active Directory allows connections with domain\username instead of the distinguished name (DN) used by a generic LDAP server. However, you can use the generic LDAP server setup to authenticate with Active Directory, as described in “LDAP” on page 173.
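An added example (not from the HP manual or the product's code) that sorts a login name into the two forms this section contrasts, domain\username and a distinguished name, and applies two checks before a bind is attempted. The function names, the user@domain form and the sample values are assumptions made for illustration.

```python
import re

# DOMAIN\username, the form the page says Active Directory accepts by default.
DOWN_LEVEL = re.compile(r'^[^\\/:*?"<>|@,=]+\\[^\\/:*?"<>|@,=]+$')
# user@domain (assumption: UPN form, which the page does not mention).
UPN = re.compile(r'^[^@\\,=\s]+@[^@\\,=\s]+$')
# Attribute type that opens an RDN, e.g. "CN=" or "2.5.4.3=".
RDN_TYPE = re.compile(r'^\s*([A-Za-z][A-Za-z0-9-]*|\d+(\.\d+)*)\s*=')


def split_rdns(dn):
    """Split a DN on unescaped commas (RFC 4514: backslash escapes the next char)."""
    parts, current, escaped = [], [], False
    for ch in dn:
        if ch == "," and not escaped:
            parts.append("".join(current))
            current = []
            continue
        current.append(ch)
        escaped = (ch == "\\") and not escaped
    parts.append("".join(current))
    return parts


def classify_bind_identity(name):
    """Return 'dn', 'down-level', 'upn' or 'bare' for a bind identity string."""
    if all(RDN_TYPE.match(rdn) for rdn in split_rdns(name)):
        return "dn"
    if DOWN_LEVEL.match(name):
        return "down-level"
    if UPN.match(name):
        return "upn"
    return "bare"


def precheck_bind(name, password):
    """Checks to run before a login is sent to the directory; returns (ok, detail)."""
    if not name.strip():
        return False, "empty name"
    # RFC 4513 5.1.2: name + empty password is an unauthenticated bind, not a login.
    if not password:
        return False, "empty password"
    return True, classify_bind_identity(name)


if __name__ == "__main__":
    # Constructed sample identities, not taken from the manual.
    for sample in (r"CORP\jsmith", r"CN=Smith\, John,OU=Storage,DC=example,DC=com"):
        print(sample, "->", precheck_bind(sample, "constructed-password"))
```

The escaped comma in the second sample is why the DN is split character by character rather than with a plain split on ",".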

To configure the management server to use Active Directory, do the following:
