Using external authentication – HP Identity Driven Manager Software Licenses User Manual
Page 156
3-92
Using Identity Driven Manager
Using the User Import Wizard
Figure 3-62. IDM User Import Wizard, SASL Kerberos V5 Authentication
To set up Kerberos V5 authentication:
1. In the Server field, type the IP address or DNS name of the LDAP server.
2. In the Domain field, type the domain name. It will be used to create a domain in
IDM.
3. Optionally, in the Base DN field, type the Base Distinguished Name. IDM will
search only for users and groups from this node of a directory tree.
4. In the User field, type the user name used to access the LDAP server.
5. In the Password field, type the password associated with the user.
6. In the Config file field, type the complete path and filename of the configuration
file that identifies the domain of the KDC.
7. Click Next to continue to the Extract Users and Groups window.
Using External Authentication
The SASL External authentication window is used to define the external LDAP data
source. External authentication uses an X509 certificate for user authentication. The
LDAP X509 User Certificate must be installed in a keystore on the IDM server, and
the LDAP server’s certificate must be stored in the trust store under your JRE
installation on the IDM server. See page 3-93 for details on importing LDAP X509
User certificates for use with IDM.