HP Storage Essentials NAS Manager Software User Manual

Storage Essentials 5.1 User Guide 175

The login-handler.xml file contains two sets of <CaseSensitiveUserName> tags: one for Active Directory and one for LDAP. Make sure you change the value of the <CaseSensitiveUserName> tags that are children of the <LDAP> tags.

8. Provide the LDAP search base in which you want the management server to look up AD/LDAP user attributes. Use no spaces around the commas, and include every component of the fully qualified domain name; for example, hds.usa.com would be DC=hds,DC=usa,DC=com.

The search base specifies the starting point for the search. It points to the distinguished name of an entry in the directory hierarchy.

<SearchBase>CN=$NAME$,dc=MyCompanyName,dc=COM</SearchBase>

or:

<SearchBase>CN=$NAME$,OU=NetworkAdministration,dc=MyCompanyName,ou=US,dc=COM</SearchBase>

In the second example, the management server searches only those users in the company who are part of the NetworkAdministration organization (OU=NetworkAdministration) and in the United States (ou=US).

IMPORTANT: Different LDAP implementations may use different keynames for CN. Specify the appropriate key in login-handler.xml. Refer to the documentation for your LDAP server to determine how to obtain the appropriate keyname. Your keyname may start with uid instead of CN, for example: uid=$NAME$,ou=<Optional org unit if applicable>,dc=windows,dc=hp,dc=com

9. Save the login-handler.xml file.

The following is an example of a modified login-handler.xml file for use with an LDAP server. Underlined text is information that was modified:

<?xml version="1.0" encoding="ISO-8859-1"?>
<LoginHandler>
<AdminAccountName>domain\admin</AdminAccountName>
<!-- for the default, using database for authentication -->
<!--LoginHandlerClass>com.appiq.security.server.BasicLoginHandler</LoginHandlerClass-->
<!--LoginHandlerType>Default</LoginHandlerType-->
<!-- uncomment the following to enable Active Directory login>
<LoginHandlerClass>com.appiq.security.server.ActiveDirectoryLoginHandler</LoginHandlerClass>
<LoginHandlerType>ActiveDirectory</LoginHandlerType-->

<ActiveDirectory>
<PrimaryServer port="389">IP address of Primary Domain Controller</PrimaryServer>
<SecondaryServer>IP Address of Secondary Domain Controller</SecondaryServer>
<ssl>false</ssl>
<ShadowPassword>false</ShadowPassword>
<CaseSensitiveUserName>false</CaseSensitiveUserName>
<!-- provide SearchBase if full name and email attribute are to be synchronized between ActiveDirectory and the database.-->
<SearchBase>DC=domain extension1,DC=domain extension2,DC=COM</SearchBase>
<FullNameAttribute>displayName</FullNameAttribute>
<EmailAttribute>mail</EmailAttribute>
</ActiveDirectory>
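
The search-base rules from step 8 can be checked before the file is saved. The following Python is an added example, not part of the HP manual or the product: it builds a search base from a domain name and reports sections of a login-handler.xml whose SearchBase has whitespace next to a comma or lacks $NAME$, or whose ssl element is false. The function names and the sample file are constructed, and the code assumes that the <LDAP> section uses the same child elements as <ActiveDirectory> and that ssl set to false means an unencrypted connection.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample; the children of <LDAP> are assumed to mirror <ActiveDirectory>.
SAMPLE = b"""<?xml version="1.0" encoding="ISO-8859-1"?>
<LoginHandler>
<ActiveDirectory>
<PrimaryServer port="389">192.0.2.10</PrimaryServer>
<ssl>false</ssl>
<SearchBase>DC=example,DC=com</SearchBase>
</ActiveDirectory>
<LDAP>
<ssl>true</ssl>
<SearchBase>CN=$NAME$, OU=NetworkAdministration,dc=MyCompanyName,dc=COM</SearchBase>
</LDAP>
</LoginHandler>"""

def search_base_from_fqdn(fqdn, user_key="CN", org_units=()):
    """Build a SearchBase: user key, optional OUs, one DC= per DNS label, no spaces."""
    labels = [label for label in fqdn.strip(". ").split(".") if label]
    if not labels:
        raise ValueError("empty domain name")
    parts = [f"{user_key}=$NAME$"]
    parts += [f"OU={ou}" for ou in org_units]
    parts += [f"DC={label}" for label in labels]
    return ",".join(parts)

def lint_login_handler(xml_bytes):
    """Return (section, message) findings for each directory section in the file."""
    findings = []
    for section in ET.fromstring(xml_bytes):  # commented-out blocks are not parsed
        base = section.findtext("SearchBase")
        if base is not None:
            if re.search(r",\s|\s,", base.strip()):
                findings.append((section.tag, "SearchBase has whitespace next to a comma"))
            # Assumption: LDAP search bases carry $NAME$, as the page's examples do.
            if section.tag == "LDAP" and "$NAME$" not in base:
                findings.append((section.tag, "SearchBase lacks the $NAME$ placeholder"))
        # Assumption: <ssl>false</ssl> means a plain, unencrypted LDAP connection.
        if (section.findtext("ssl") or "").strip().lower() == "false":
            findings.append((section.tag, "ssl is false: the bind is sent unencrypted"))
    return findings

if __name__ == "__main__":
    print(search_base_from_fqdn("hds.usa.com"))
    for tag, message in lint_login_handler(SAMPLE):
        print(f"{tag}: {message}")
```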
