LDAP Server Definition

Use this window to enable LDAP authentication on this HMC, to view LDAP servers that are used by this HMC for LDAP remote authentication, to add LDAP servers, or to remove LDAP servers from this HMC.

The HMC authenticates with the LDAP server via an anonymous connection.

To use LDAP remote authentication for this HMC, you must complete the following:

Enable LDAP
Select Enable LDAP to enable LDAP authentication on this HMC, utilizing the LDAP servers listed under Primary URI and Backup URI.
Primary URI
Configure an LDAP server for use in authentication on this HMC by supplying the URI in one of the following formats:

  • Use the format ldap://ldap.example.com to define a server using STARTTLS for SSL encryption.
  • Use the format ldaps://ldap.example.com:636 to define a server using LDAP over SSL.
    Note: If you use this format, STARTTLS cannot be enabled.
Backup URI
Configure a backup LDAP server for use in authentication on this HMC by supplying the URI in one of the following formats:

  • Use the format ldap://ldap.example.com to define a server using STARTTLS for SSL encryption.
  • Use the format ldaps://ldap.example.com:636 to define a server using LDAP over SSL (SecureLDAP).
    Note: If you use this format, STARTTLS cannot be enabled.
Enable SSL Encryption (STARTTLS)
Select Enable SSL Encryption (STARTTLS) to enable Transport Layer Security on the connection between the HMC and the LDAP server. TLS provides data confidentiality (cannot be read by third parties) and/or data integrity protection (protection from tampering).
Use the following attribute for user login
Define the LDAP attribute used to identify the user being authenticated. The specified field will be compared to the user's user ID to locate the correct record to verify the user's provided password. The default attribute is uid.
Locate by searching the following distinguished name tree
Define the search base (distinguished name tree), in LDAP format, that will be used to locate the user record for the authenticating user, for example: dc=example,dc=com.
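
The following pre-flight check for the values entered in this window is an added example, not HMC code. It flags the URI and STARTTLS combinations described above, checks the login attribute and search base, and shows the escaped search filter for a user ID. The function names are hypothetical, the search base check is simplified, and the filter form (attribute=user ID) is an assumption based on the lookup described above.

```python
import re
from urllib.parse import urlsplit

# RFC 4515: characters that must be escaped inside a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
_ATTR_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")         # attribute name
_RDN_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^,=]+$")   # simplified attr=value

def check_uri(uri, starttls):
    """Return findings for one server URI (empty list means OK)."""
    parts = urlsplit(uri)
    if parts.scheme not in ("ldap", "ldaps") or not parts.hostname:
        return [f"{uri}: expected ldap://host or ldaps://host:636"]
    findings = []
    if parts.scheme == "ldaps" and starttls:
        findings.append(f"{uri}: STARTTLS cannot be enabled with ldaps://")
    if parts.scheme == "ldap" and not starttls:
        findings.append(f"{uri}: connection is not protected by TLS")
    return findings

def check_settings(primary, backup, starttls, login_attr, search_base):
    """Check the fields of the LDAP Server Definition window together."""
    findings = []
    for uri in filter(None, (primary, backup)):   # backup may be left empty
        findings += check_uri(uri, starttls)
    if not _ATTR_RE.match(login_attr):
        findings.append(f"login attribute {login_attr!r} is not a valid name")
    if not all(_RDN_RE.match(rdn.strip()) for rdn in search_base.split(",")):
        findings.append(f"search base {search_base!r} is not attr=value,attr=value")
    return findings

def user_filter(login_attr, user_id):
    """Build (attr=user_id), escaped so the user ID is matched literally."""
    escaped = "".join(_FILTER_ESCAPES.get(ch, ch) for ch in user_id)
    return f"({login_attr}={escaped})"

if __name__ == "__main__":
    # Constructed sample values, using the example host from this page.
    for finding in check_settings("ldap://ldap.example.com",
                                  "ldaps://ldap.example.com:636",
                                  True, "uid", "dc=example,dc=com"):
        print("FINDING:", finding)
    print(user_filter("uid", "j*(doe)"))
```

With the sample values, the check reports the backup URI because the STARTTLS setting is enabled while that URI uses ldaps://.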