Configuring external authentication for groups – HP XP Racks User Manual
Page 110
NOTE:
When creating a new account, only the User ID is required for external authentication, and must
match a user ID on the external authentication server. For a local (internal) account, a User ID
and Password are both required. When external authentication is available, new user accounts
created without a password value are automatically configured to use external authentication
(for example, LDAP is selected for you). Fill in the desired fields, and click OK to create the user
account.
3.
If you have selected existing users, click Change Auth. A dialog box is displayed. From the drop
down list, select the desired authentication method (for example, LDAP) and click OK. The user
list will be re-displayed.
4.
Review the Authentication column to verify the authentication method.
On the next login attempt by each user, the users login credentials (user ID and password) will be
validated using the external authentication server.
Configuring external authentication for groups
External authentication systems, such as LDAP (for example, Active Directory), RADIUS, or Kerberos
may be used to authenticate Command View AE Suite user group members as they log in. You can
configure one or more user groups, from one or more external authentication servers.
When linking with an external authentication server, if using together with Active Directory as an
external authorization server, user permissions can be managed by using the Active Directory groups
(authorization groups) registered on the external authorization server. In this case, user permissions
are specified for each group.
•
The Command View AE Suite server must be linked to an external authentication (authorization)
server. See the HP P9000 Command View Advanced Edition Suite Software Administrator Guide.
•
The Command View AE Suite server must be configured to support group authentication, which
activates the Groups folder in the GUI.
•
The Command View AE Suite user group must exist on the external authentication (authorization)
server. It is recommended that domain and group information, as required below, be acquired
from the external authentication server administrator.
1.
From the Administration tab, select Users and Permissions.
2.
Click the Groups folder to display the Domain List. This is a list of external authentication servers
listed by domain name, and host name or IP address.
3.
Select the desired Domain Name to display the Group List, which may be empty ('No Groups'
is displayed). Click Add Groups.
4.
Enter the Distinguished Name for the group. Use Check DN to verify a correct DN entry. Click
Ok to save your group and re-display the Group List. Note that the Group Name is derived from
the entered DN. To specify multiple groups, note that:
• You can add multiple DNs at the same time using the "+" button
• If multiple DNs are listed, you can remove an entry with the "-" button
• Reset clears all DN entries
5.
From the Group List, click the Group Name link, then click Change Permission and set the Com-
mand View AE Suite permissions for the group (repeat this for each new group).
6.
Your groups will now be visible from Administration tab, User Groups. You can affiliate the
groups with resource groups and roles, just like Command View AE Suite user groups. If you
Setting up HP StorageWorks P9000 Command View Advanced Edition Suite
110