
HP Storage Essentials Enterprise Edition Software User Manual


Managing Security  158

Configuring the Management Server to Use Active Directory

By default, AD allows connections with domain\username, instead of with the distinguished name (DN) used by a generic LDAP server. However, you can use the generic LDAP server setup to authenticate with AD, as described in "Configuring the Management Server to Use LDAP" on page 161.

To configure the management server to use AD:

1. Before switching to AD authentication mode, the management server needs to be configured with a designated AD user and other AD-specific credentials. At startup, the designated AD user is mapped to the built-in Admin user and overrides it with the AD user information.

   IMPORTANT: Make sure the administrator account has already been created in AD before you add it to the login-handler.xml file.

   a. On the management server, look in one of the following locations:

      Windows: %MGR_DIST%\Data\Configuration
      UNIX systems: $MGR_DIST/Data/Configuration

   b. In the login-handler.xml file, change the value of the tag to the name of a user account in AD, as shown in the following example:

      domain\PrimaryUser

      where PrimaryUser is the name of the user account that is designated as the primary user in AD.

      For security reasons, it is recommended that the designated user not be the AD Domain Administrator.

2. In the login-handler.xml file, comment out the section that contains com.appiq.security.server.BasicLoginhandler, which enables internal authentication mode. Only one login handler is allowed at a time.

3. Comment out the Default tag as follows:

4. Uncomment the line containing the class name and login handler type so that it appears as follows:

   <LoginHandlerClass>com.appiq.security.server.ActiveDirectoryLoginHandler</LoginHandlerClass>
   ActiveDirectory

5. Replace directory.hp.com with the IP address or the fully qualified DNS name of your primary Domain Controller server in the login-handler.xml file, as shown in the following example:

   192.168.10.1

   where
   • 192.168.10.1 is the IP address of the primary Domain Controller server running AD.
   • 389 is the port on which AD is running on the server.
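The following added example is not part of the HP manual; it is a small post-edit check for the constraints the procedure above relies on: exactly one uncommented login handler remains, that handler is the AD class, the designated user is in domain\username form and is not the domain Administrator, and the directory.hp.com placeholder has been replaced. Only the LoginHandlerClass element name comes from the manual; the other element names (LoginHandlerType, PrimaryUser, ServerURL) and the sample file are assumptions constructed for the example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample of a login-handler.xml after the switch to AD. Element names
# other than LoginHandlerClass are assumptions, not taken from the HP manual.
SAMPLE_XML = """<LoginHandlers>
  <!-- internal authentication, commented out as step 2 requires
  <LoginHandler>
    <LoginHandlerClass>com.appiq.security.server.BasicLoginhandler</LoginHandlerClass>
  </LoginHandler>
  -->
  <LoginHandler>
    <LoginHandlerClass>com.appiq.security.server.ActiveDirectoryLoginHandler</LoginHandlerClass>
    <LoginHandlerType>ActiveDirectory</LoginHandlerType>
    <PrimaryUser>corp\\PrimaryUser</PrimaryUser>
    <ServerURL>ldap://192.168.10.1:389</ServerURL>
  </LoginHandler>
</LoginHandlers>
"""

AD_HANDLER = "com.appiq.security.server.ActiveDirectoryLoginHandler"


def check_login_handler(xml_text):
    """Return a list of problems found; an empty list means the config passes."""
    problems = []
    # ElementTree drops XML comments, so a commented-out handler is simply absent
    # from the tree; counting LoginHandlerClass elements counts active handlers.
    root = ET.fromstring(xml_text)
    classes = [e.text.strip() for e in root.iter("LoginHandlerClass") if e.text]
    if len(classes) != 1:
        problems.append("expected exactly one active login handler, found %d" % len(classes))
    elif classes[0] != AD_HANDLER:
        problems.append("active handler is %s, not the AD handler" % classes[0])
    # Designated user must be domain\username (AD form), and not the domain Administrator.
    user = (root.findtext(".//PrimaryUser") or "").strip()
    if not re.fullmatch(r"[^\\\s]+\\[^\\\s]+", user):
        problems.append("designated user %r is not in domain\\username form" % user)
    elif user.split("\\", 1)[1].lower() == "administrator":
        problems.append("designated user is the domain Administrator account")
    # The shipped placeholder host must have been replaced by the real domain controller.
    url = (root.findtext(".//ServerURL") or "").strip()
    if not url or "directory.hp.com" in url:
        problems.append("server URL is empty or still holds the placeholder directory.hp.com")
    return problems
```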
