beautypg.com

Editing idm configuration for ldap import – HP Identity Driven Manager Software Series User Manual

Page 159

background image

3-95

Using Identity Driven Manager

Using the User Import Wizard

The remainder of the process for importing users from LDAP Servers is the same as
described for importing users from Active Directories.

Select the Groups and Users to Import to IDM.

Select Users to remove from IDM (if applicable).

Commit the selected groups and users (adds and deletes) to IDM.

Editing IDM Configuration for LDAP Import

The IDM server includes several configuration files that contain information used to
import User information from LDAP files. The default configuration settings will
work if you are using MS Active Directory as the LDAP Server directory. If you are
using any other LDAP directory source (for example Novell eDirectory or Open-
LDAP) you will need to modify the LDAP Directory settings in:

~Program Files\Hewlett-Packard\PNM\server\config\ IDMImportServer-
Comp.scp

Following is an example of the IDMImportServerComp.scp file for reference.
Comments are indicated by “//”.

LDAP_SERVER_CONFIG {

PORT=389 //Port where LDAP server receives bind request.
SSL_PORT=636 // Port where LDAP server receives SSL bind requests.
BATCH_SIZE=50 // Internal to IDM.
COUNT_LIMIT=0 // Internal to IDM.

SASL_CONFIGURATION {
// This section is for SSL configuration: Digest MD5, Kerberos V5 and External.
QOP=auth-conf,auth-int,auth

// Quality of protection. Valid values are 1 and more of “auth-conf”, auth-int”,
“auth” separated by “,”.

ENCRYPTION_STRENGTH=high,medium,low

// Strength of encryption. Valid values are 1 and more of “high”, “medium”,
“low” separated by “,”.

MUTUAL_AUTHENTICATION=true

// If both LDAP server and IDM server wants to authenticate each other.

}

KERBEROS_JAAS_CONFIG {
// This section is for Kerberos authentication method.
KERBEROS_AUTH_MODULE=IDMKerberos
// Kerberos authentication module name. If this entry is changed, you must also
change the module name in idm_kerberos_jass.conf file.