User mapping – HP IO Accelerator for BladeSystem c-Class User Manual

Adding and editing LDAP providers

c. Perform an LDAP Bind with the Auth DN and Password, if one is specified.

Any errors encountered are displayed at the top of the window.

When finished, click Next Step to display User Mapping.

User mapping

A primary function of the LDAP Provider is to take a username (like jdoe) and password, and verify that the username maps to an entry in the LDAP server, and that the user's LDAP entry along with their password can be used to authenticate to the LDAP directory.

The application gives you two ways to map usernames to LDAP entries: an easy DN Builder (essentially a DN template), and a traditional search-based mapping configuration.

DN Builder

In some LDAP deployments, all users reside in a single, flat container (such as OU=people,DC=example,DC=com), and all users are named with a common naming attribute (such as UID). In this case, it is easier to use the DN Builder to configure the User Mapping. To map a username such as jdoe to an LDAP entry of UID=jdoe,OU=people,DC=example,DC=com, type UID into the left Template field, and OU=people,DC=example,DC=com into the right.

An example DN is shown below the Template fields in the form of UID=${username},OU=people,DC=example,DC=com. This shows you what the resulting username map will be, where the string "${username}" is replaced with the username entered when a user attempts to log in.

Search

The traditional method of mapping a username to an LDAP entry is to search for the username as a unique value of the entry that represents the user. For example, Active Directory deployments often populate an attribute called sAMAccountName with the username. Other directory deployments might populate the UID attribute with the username.

Enter the DN of the tree branch that is hierarchically above your user entries (for example, OU=people,DC=example,DC=com). If you previously entered a Default Base DN, you can select it from the drop-down list.

For the search filter, you can add one or more attributes to the Search Attributes field and a search filter is automatically created. For example, if your user entries have a UID attribute that holds their unique username, typing UID into the Search Attributes field produces a standard LDAP search filter of (UID=${username}).

If you need a specialized search filter, you can edit it in the Search Filter field. Use the radio buttons to toggle between entering attributes and editing the search filter.

The special token "${username}" is replaced with the name the user is attempting to log in with when the HP IO Accelerator Management Tool performs the authentication.
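
The following is an added example, not taken from the HP manual or the Management Tool's code: it expands the "${username}" token into a DN Builder template and into a search filter, escaping the login name per RFC 4514 (DNs) and RFC 4515 (filters) so that characters such as "," or "*" are treated as data rather than syntax. The function names and sample usernames are assumptions made for illustration.

```python
# Added illustration of "${username}" expansion with escaping.
# Function names are hypothetical; this is not the HP tool's implementation.

TOKEN = "${username}"

def escape_dn_value(value: str) -> str:
    """Escape an attribute value for use inside a DN (RFC 4514)."""
    out = []
    for i, ch in enumerate(value):
        if ch in ',+"\\<>;=':
            out.append("\\" + ch)          # characters with meaning in a DN
        elif ch == "\0":
            out.append("\\00")
        elif ch == "#" and i == 0:
            out.append("\\#")              # leading '#' would mark a hex value
        elif ch == " " and i in (0, len(value) - 1):
            out.append("\\ ")              # leading/trailing space is significant
        else:
            out.append(ch)
    return "".join(out)

def escape_filter_value(value: str) -> str:
    """Escape an assertion value for a search filter (RFC 4515)."""
    special = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\0": "\\00"}
    return "".join(special.get(ch, ch) for ch in value)

def build_dn(attr: str, base: str, username: str) -> str:
    """DN Builder: left field is the naming attribute, right field the container."""
    template = f"{attr}={TOKEN},{base}"
    return template.replace(TOKEN, escape_dn_value(username))

def build_filter(search_filter: str, username: str) -> str:
    """Search mapping: substitute the token into a filter such as (UID=${username})."""
    return search_filter.replace(TOKEN, escape_filter_value(username))

if __name__ == "__main__":
    base = "OU=people,DC=example,DC=com"
    for name in ("jdoe", "doe,j", "j*"):   # constructed sample usernames
        print(build_dn("UID", base, name), build_filter("(UID=${username})", name))
```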

The Scope should normally be set to Subtree. It can be set to One Level if the users are all in a single container.

Click Next Step to proceed to Role Mapping.