Using active directory/ldap, For authentication, Using active directory/ldap for authentication – HP Storage Essentials NAS Manager Software User Manual

Managing Security

158

a. Log onto the server running HP Systems Insight Manager.
b. Stop the AppStorManager service if it is started.
c. Enter the following at the command prompt:

C:\> mxpassword -m -x MxDBUserPassword=mynewPass

where mynewPass is your new password for the database.

d. Stop the HP Systems Insight Manager service so that it cannot access the database. It is very

important that the HP Systems Insight Manager service does not access the database before

you are finished with changing the password for the database.

2.

Stop the AppStorManager service.

3.

To access the database utility, go to the %MGR_DIST%\Tools\dbAdmin directory on the

management server and double-click dbAdmin.bat, where [Install_Dir] is the directory

into which you installed the management server.

4.

Click Change Passwords in the left pane.

5.

Select an account name from the User Name combo box.

6.

Type the current password in the Old Password field.

7.

Type the new password in the New Password field.

8.

Retype the password in the Confirm Password field.

9.

Click Change.
The Database Admin Utility changes the password for the specified account.

Using Active Directory/LDAP

for Authentication

The management server supports external authentication through Active Directory (AD) and

Lightweight Directory Access Protocol (LDAP) directory services. When you configure the

management server to use external authentication, user credentials are no longer stored in the

management server database. This configuration centralizes all security related requirements to the

enterprise AD/LDAP infrastructure, such as password expiration, resets, and complexity

requirements.
When a user attempts to log into the management server, the management server authenticates the

user name and password against AD/LDAP for credential verification. If AD/LDAP verifies this user

has the correct credentials, the management server allows this user access to the application.
Keep in mind the following:

•

The login-handler.xml file contains configuration information for Active Directory and

LDAP. It is important you enable either Active Directory or LDAP. You cannot enable both.

•

If you want to go back and forth between internal and external (AD/LDAP) authentication,

rename the login-handler.xml file before you modify it. This way you can easily switch

back to internal authentication by changing the file name back to login-handler.xml.

To use AD/LDAP to authenticate your users, complete the following sections:

•

”

Step 1 - Configure the Management Server to Use Active Directory or LDAP

” on page 159