HP (Hewlett-Packard) 700wl Series Switch User Manual


 
Configuring Authentication
Step 3. Specify some additional options for this LDAP server:
a. The timeout value specifies the length of time the 700wl Series system waits for a response to
an authentication request before it abandons the request. The default is 120 seconds. You can
change this as appropriate for your situation.
b. If your LDAP server is configured to use SSL, the 700wl Series system can use SSL to
communicate with it. This is recommended if you are going to use User binding, where the
700wl Series system sends the user password to the LDAP server. Click the first checkbox to
use SSL.
c. If your LDAP server is based on LDAP v2, click the second checkbox. By default, the 700wl
Series system assumes LDAP v3.
Step 4. Specify the Bind Method for this server.
If the iPlanet directory service is using the default configuration, you must specify user binding.
However, it can be configured for non-user binding.
For User Binding (the default):
a. Select User bind from the drop-down field.
b. Specify the bind string as uid=%s.
c. Check the box Append the base DN to the above bind string or type the base DN directly into
the bind string.
For Non-User binding (if your LDAP server allows this):
a. Select Non-User bind.
b. Check Use the returned password for authentication.
c. Specify the password field. Typically this will be “userPassword”.
d. Specify the encryption method. By default the iPlanet directory service uses SHA.
However, iPlanet returns the encryption method with every record, and the 700wl Series
system uses the method returned in the record if it differs from the method specified in the
Password Encryption field. This allows the 700wl Series system to correctly decrypt
passwords in situations where there may be multiple encryption methods used in a single
database.
e. Select Bind using rootdn/rootpw. You cannot use anonymous binding with these directory
services.
f. Enter the Rootdn and Rootpw for your database.
Step 5. Click Save.
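The per-record method selection described in step d of the Non-User binding procedure, sketched as an added example; it is not HP's code and not part of this manual. It assumes the directory returns userPassword in the `{SCHEME}base64` form used by iPlanet-style servers with SHA-1 digests, and all function names are hypothetical.

```python
import base64
import hashlib
import hmac

# Schemes handled in this sketch: name -> whether a salt follows the digest.
SCHEMES = {"SHA": False, "SSHA": True}
SHA1_LEN = hashlib.sha1().digest_size  # 20 bytes


def split_scheme(stored, default_scheme):
    """Return (scheme, payload). A {SCHEME} prefix on the record wins;
    the configured default applies only when the record has no prefix."""
    if stored.startswith("{") and "}" in stored:
        scheme, payload = stored[1:].split("}", 1)
        return scheme.upper(), payload
    return default_scheme.upper(), stored


def verify_password(candidate, stored, default_scheme="SHA"):
    """Hash the candidate the way the record says and compare digests.
    SHA is one-way, so nothing is decrypted; unknown schemes fail closed."""
    scheme, payload = split_scheme(stored, default_scheme)
    if scheme not in SCHEMES:
        return False
    try:
        raw = base64.b64decode(payload, validate=True)
    except ValueError:  # malformed base64 in the record
        return False
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    if len(digest) != SHA1_LEN or bool(salt) != SCHEMES[scheme]:
        return False
    expected = hashlib.sha1(candidate.encode("utf-8") + salt).digest()
    return hmac.compare_digest(expected, digest)


def make_record(password, scheme, salt=b""):
    """Build a constructed sample userPassword value for the demo."""
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{%s}%s" % (scheme, base64.b64encode(digest + salt).decode("ascii"))


if __name__ == "__main__":
    # Constructed records: one database mixing two methods.
    records = {"alice": make_record("s3cret", "SHA"),
               "bob": make_record("hunter2", "SSHA", salt=b"\x01\x02\x03\x04")}
    for user, pw in (("alice", "s3cret"), ("bob", "hunter2"), ("bob", "wrong")):
        print(user, verify_password(pw, records[user], default_scheme="SHA"))
```

Because the returned value is compared locally, the rootdn/rootpw bind and the returned userPassword both cross the network, which is where the SSL option from Step 3 matters.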
Using Aliasing to Retrieve a DN and Password
If your LDAP database does not use the user’s logon name as the DN, you can use non-User Binding and
aliasing to find the DN and retrieve the password.
To use the Aliasing feature to retrieve a username and password, enter the configuration information
specified in Table 5-3 or in the procedures detailed in the previous sections for Active Directory and
iPlanet as appropriate for your LDAP server. Make sure you enter the attribute that contains a user’s
logon name in the Username field.
HP ProCurve Secure Access 700wl Series Management and Configuration Guide 5-15