Filter
Top Products
Configuring Rights
Identity Profile membership information can be associated with a MAC address in one of two ways:
• If each MAC address has its own record in the database, its group identity information may be kept as
an attribute in the record. The Rights Manager can then search for each MAC address record using the
search string returned in the initial search, and retrieve the group identity information from the
appropriate attribute.
• Additional groups may be used that include MAC addresses as members. The Rights Manager can then
search for groups that contain the MAC address as a member, and return the name(s) of those groups.
Table 4-7. MAC Address Retrieval, group identity retrieval parameters
Field Description
Search for MAC Addresses
using attribute found in initial
search
Select this radio button to specify that the attribute entered in the Identity
Information Attribute field below should be used as a search parameter when
searching for MAC addresses.
Identity Information Attribute If Search for MAC Addresses using attribute found in initial search is
selected this field should contain the name of the attribute that contains the
name(s) of the identity or identities.
Search for MAC Addresses‘
assigned identities
Select this radio button to specify that the string entered in the Search String
field below should be used as a search parameter when searching for MAC
addresses.
Search String Search string to use to find records that contain the MAC address in a specified
attribute.
For example, the search string:
(&(objectclass=groupofuniquenames) (uniquemember=%s))
searches records of class —groupofuniquenames“ for an attribute
—uniquemember“ whose value matches the current MAC address as retrieved
by the initial search.
Identity Name Attribute Type the attribute name (for example, cn) who‘s value is the name of the group
in which the matching uniquemember was found.
MAC Addresses have no
identity information
Select this button to indicate that the MAC address users do not have identity
information kept in the LDAP database. This is the default.
The following examples illustrate this in more detail.
Retrieving Group Identity Information from MAC Address User Records
Suppose, for each MAC address, an entry exists with attributes similar to the following:
dn: cn=000122034a5b, o=XYZCorp, c=us
cn: 000122034a5b, o=XYZCorp, c=us
sn: 000122034a5b
mymember: Contractors
mymember: DBSpec
Then, do the following:
Step 1.Select Search for MAC Addresses using attribute found in the initial search.
4-28 HP ProCurve Secure Access 700wl Series Management and Configuration Guide