Adding and editing ldap providers, Connection – HP IO Accelerator for BladeSystem c-Class User Manual
Adding and editing LDAP providers
You can create multiple LDAP configurations to coordinate with multiple directories deployed within your
organization. This section describes how to add and edit LDAP providers.
To begin, go to Settings > Identity Providers, and then click Add LDAP. The Add LDAP dialog appears.
Adding a new LDAP provider
The Add LDAP window contains four sections: Connection, User Mapping, Role Mapping, and Test LDAP
Settings. Start with the Connection section.
Connection
To create a connection:
1. Enter a name for the LDAP configuration in the Name field. For example: Corporate Directory.
2. Enter the hostname (DNS name or IP address) and port for the primary LDAP server in the Primary Server fields. If multiple LDAP servers are used to access the directory, you can enter a secondary hostname and port in the Backup Mirror field.
   For security purposes, HP recommends that you select the Use SSL check box for your configured LDAP servers.
   The HP IO Accelerator Management Tool does not have a facility for importing the LDAP server public key. Instead, it automatically trusts the server certificate when performing the SSL handshake.
3. The default Base DN field is optional. If your users or groups are located below a common branch in your LDAP tree, enter the DN for that branch here. This field is used only to make it easier to configure the user mapping and role mappings later.
4. Enter the timeout period. The timeout specified in the Timeout field is used for making server connections and for searching. The HP IO Accelerator Management Tool always uses the smaller of the timeout you specify plus 20 seconds. This prevents the web application from encountering connection timeout problems.
5. Select the Authentication Required check box to disallow anonymous searching. Enter the DN and password for the identity that will be used to perform searches in the LDAP directory.
   Best security practice calls for a "least privileged user" to be created in the LDAP directory and used for this purpose. This user is granted rights to perform LDAP search operations in the portions of the tree where users and groups reside.
   The Auth DN and Password are securely stored in the Management Solution, but if the Use SSL check box is not selected, these credentials can be read by anyone using a network traffic sniffer.
6. Click Test Connection to ensure that your configuration steps thus far are correct. The test does the following:
   a. Connects to the LDAP servers specified.
   b. Performs a StartTLS operation if the Use SSL check box is selected for the servers.