HP Storage Essentials NAS Manager Software User Manual

Storage Essentials 5.1 User Guide 161

IMPORTANT:

AD servers are not case sensitive for user names so changing this tag to

“true” for AD authentication is not recommended.

The login-handler.xml file contains two sets of <CaseSensitiveUserName> tags: one

for Active Directory and one for LDAP. Make sure you change the value of the
<CaseSensitiveUserName> tags that are children of the <ActiveDirectory> tag.

9.

Provide the Active Directory search base in which you want the management server to look up

AD/LDAP user attributes. Allow no spaces between commas and put in all components of fully

qualified domain name, for example, hds.usa.com would be DC=hds,DC=usa,DC=com.
The search base is used to specify the starting point for the search. It points to a distinguished

name of an entry in the directory hierarchy.

<SearchBase>

dc=MyCompanyName,dc=COM

</SearchBase>

10.

Save the login-handler.xml file with your changes.
The following is an example of a modified login-handler.xml file for use with AD server

authentication. Underlined text is information that was modified:

<?xml version="1.0" encoding="ISO-8859-1"?>
<LoginHandler>
<AdminAccountName>domain\primaryuser</AdminAccountName>
<!-- for the default, using database for authentication -->
<!--LoginHandlerClass>com.appiq.security.server.BasicLoginHandler</LoginHan
dlerClass-->
<!--LoginHandlerType>Default</LoginHandlerType-->
<!-- uncomment the following to enable Active Directory login-->
<LoginHandlerClass>com.appiq.security.server.ActiveDirectoryLoginHandler</L
oginHandlerClass>
<LoginHandlerType>ActiveDirectory</LoginHandlerType>

<ActiveDirectory>
<PrimaryServer port="389">IP address of Primary Domain
Controller</PrimaryServer>
<SecondaryServer>IP Address of Secondary Domain Controller</SecondaryServer>
<ssl>false</ssl>
<ShadowPassword>false</ShadowPassword>
<CaseSensitiveUserName>false</CaseSensitiveUserName>
<!-- provide SearchBase if full name and email attribute are to be
synchronized
between ActiveDirectory and the database.-->
<SearchBase>DC=domain extension1,DC=domain extension2,DC=COM</SearchBase>
<FullNameAttribute>displayName</FullNameAttribute>
<EmailAttribute>mail</EmailAttribute>
</ActiveDirectory>
<!-- uncomment the following for generic LDAP login
<LoginHandlerClass>com.appiq.security.server.LdapLoginHandler
</LoginHandlerClass>
<LoginHandlerType>LDAP</LoginHandlerType>
-->
<LDAP>
<!-- same as java.naming.provider.url

ldap://ldap.companyname.com:389

-

->

<Server port="389">IP address of LDAP server</Server>
<!-- LDAP env can be added, an example is shown below...
<LDAPEnv
name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</LDAPEn