HP Storage Essentials NAS Manager Software User Manual

Storage Essentials 5.1 User Guide 171

where
• 192.168.10.1 is the IP address of the primary Domain Controller server running Active

Directory.

• 389 is the port on which Active Directory is running on the server.

6.

Replace directory2.hp.com with the IP address or the fully qualified DNS name of your

secondary Domain Controller server, if available.

<SecondaryServer>192.168.10.2</SecondaryServer>

where 192.168.10.2 is the IP address of the secondary Domain Controller server running

Active Directory.

7.

If you want the password to be saved in the management server database, change the value of

the <ShadowPassword> tags to true, as shown in the following example:

<ShadowPassword>true</ShadowPassword>

Saving the passwords in the management server database lets a user still log into the

management server if the management server is changed back to local mode. This, however, is

not recommended as it defeats the purpose of externalizing a user's credentials.
The login-handler.xml file contains two sets of <ShadowPassword> tags: one for Active

Directory and one for LDAP. Make sure you change the value of the <ShadowPassword> tags

that are children of the <ActiveDirectory> tag.

8.

If you want the user name to be case sensitive, change the value of the
<CaseSensitiveUserName> tag to true, as shown in the following example:

<CaseSensitiveUserName>true</CaseSensitiveUserName>

If you change the value of

<CaseSensitiveUserName>

to true, the management server

becomes case-sensitive to user names. The management server sees MyUserName and

myusername as different users.

IMPORTANT:

AD servers are not case sensitive for user names so changing this tag to

“true” for AD authentication is not recommended.

The login-handler.xml file contains two sets of <CaseSensitiveUserName> tags: one

for Active Directory and one for LDAP. Make sure you change the value of the
<CaseSensitiveUserName> tags that are children of the <ActiveDirectory> tag.

9.

Provide the Active Directory search base in which you want the management server to look up

AD/LDAP user attributes. Allow no spaces between commas and put in all components of fully

qualified domain name, for example, hds.usa.com would be DC=hds,DC=usa,DC=com.
The search base is used to specify the starting point for the search. It points to a distinguished

name of an entry in the directory hierarchy.

<SearchBase>

dc=MyCompanyName,dc=COM

</SearchBase>

10.

Save the login-handler.xml file with your changes.
The following is an example of a modified login-handler.xml file for use with AD server

authentication. Underlined text is information that was modified:

<?xml version="1.0" encoding="ISO-8859-1"?>
<LoginHandler>
<AdminAccountName>domain\primaryuser</AdminAccountName>