HP Identity Driven Manager Software Series User Manual
Page 137
3-69
Using Identity Driven Manager
Using the User Import Wizard
Figure 3-52. IDM User Import Wizard, SASL Kerberos V5 Authentication
To set up Kerberos V5 authentication:
1. In the Server field, type the IP address or DNS name of the LDAP server.
2. In the Domain field, type the domain name. It will be used to create a realm in IDM.
3. Optionally, in the Base DN field, type the Base Distinguished Name. IDM will search only for users and groups from this node of a directory tree.
4. In the User field, type the user name used to access the LDAP server.
5. In the Password field, type the password associated with the user.
6. In the Config file field, type the complete path and filename of the configuration file that identifies the domain of the KDC.
7. Click Next to continue to the Extract Users and Groups window.
Using External Authentication
The SASL External authentication window is used to define the external LDAP data source. External authentication uses an X509 certificate for user authentication. The LDAP X509 User Certificate must be installed in a keystore on the IDM server, and the LDAP server’s certificate must be stored in the trust store under your JRE installation on the IDM server. See page 3-71 for details on importing LDAP X509 User certificates for use with IDM.
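
A pre-flight check for the two certificate prerequisites described above, written as an added example (it is not HP or IDM code). The class name, the three file paths passed as arguments, and the KEYSTORE_PASS and TRUSTSTORE_PASS environment variables are assumptions; the code uses only the standard Java KeyStore API (Java 9 or later).

```java
import java.io.*;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.Collections;

// Added example. Arguments (assumed paths): <client-keystore> <trust-store> <ldap-server-cert>
// Store passwords are read from the hypothetical environment variables
// KEYSTORE_PASS and TRUSTSTORE_PASS so they do not appear in the process list.
public class ExternalAuthPreflight {
    // True if the keystore holds a private key with an in-date X.509 certificate.
    static boolean hasUsableClientCert(KeyStore ks) throws Exception {
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias) || !(ks.getCertificate(alias) instanceof X509Certificate)) {
                continue; // certificate-only or secret-key entry: cannot authenticate a user
            }
            X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
            try {
                cert.checkValidity(); // throws if expired or not yet valid
                System.out.println("client cert OK: " + alias + " " + cert.getSubjectX500Principal());
                return true;
            } catch (CertificateException e) {
                System.out.println("client cert rejected: " + alias + " (" + e.getMessage() + ")");
            }
        }
        return false;
    }

    // True if the trust store contains this exact server certificate.
    static boolean trustsServerCert(KeyStore trust, X509Certificate server) throws Exception {
        return trust.getCertificateAlias(server) != null;
    }

    static char[] pass(String envVar) {
        String v = System.getenv(envVar);
        return v == null ? null : v.toCharArray();
    }

    public static void main(String[] args) throws Exception {
        KeyStore keys = KeyStore.getInstance(new File(args[0]), pass("KEYSTORE_PASS"));
        KeyStore trust = KeyStore.getInstance(new File(args[1]), pass("TRUSTSTORE_PASS"));
        X509Certificate server;
        try (InputStream in = new FileInputStream(args[2])) {
            server = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        boolean clientOk = hasUsableClientCert(keys);
        boolean serverOk = trustsServerCert(trust, server);
        System.out.println("LDAP server cert in trust store: " + serverOk);
        System.exit(clientOk && serverOk ? 0 : 1);
    }
}
```

The program exits with status 0 only when the keystore contains a usable user certificate with its private key and the trust store contains the LDAP server's certificate.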