To add an LDAP external authentication service:
1. Click the Users tab.
2. Click Authentication Services in the top navigation bar. The User Authentication Services window will open.
3. Click Add. The Add Authentication Service Wizard will appear. Click Next.
4. The Provide Authentication Service Name and Type window will open.
a. Type a name for the external authentication service.
b. Select LDAP from the Type menu.
c. Click Next.
5. The Specify LDAP Connection Settings window will open.
a. Type the address of the LDAP host in dotted-decimal format (xxx.xxx.xxx.xxx), or type its DNS host name, in the Host Address field.
b. Type the number of the port for connecting to the LDAP host in the Port Number field.
c. Specify an SSL encryption mode:
• Click Do Not Use SSL to have authentication performed in unencrypted clear text instead of over SSL. This is the least secure option: the bind credentials and every directory query cross the network unencrypted. It automatically sets the Port Number field to the default port, 389.
• Click Use SSL in Trust All Mode to encrypt the connection with SSL. Every server certificate is trusted and accepted automatically by the HMX Manager, so the session is encrypted but the identity of the LDAP server is never verified; anything able to intercept the connection can present its own certificate and impersonate the directory. This mode provides medium security and automatically sets the Port Number field to the default port, 636.
This encryption mode is not recommended for wide area networks (WANs).
• Click Use SSL in Certificate-based Trust Mode to encrypt the connection with SSL and have the HMX Manager verify the server and then its certificate before transmitting data (see step 6). This mode provides maximum security and automatically sets the Port Number field to the default port, 636.
d. Click Enable Chasing of Referrals if you wish to allow the LDAP server to refer HMX Manager clients to additional directory servers. Enable this only if your directory is split across servers; each referral is a further server the HMX Manager will connect to.
e. Click Next.
If you selected Use SSL in Certificate-based Trust Mode, go to step 6. If you selected Do Not Use SSL or Use SSL in Trust All Mode, go to step 8.
6. The HMX Manager server will try to find a server that has a trusted certificate chain. If no trusted certificate chain is found, then the Accept Certificate window will open and list all servers that belong to the domain. It will also list the reasons for rejection of the certificate chain.
8. The Specify LDAP User Schema window will open.
a. Type the base distinguished name (DN) from which to begin searches, for example ou=people,dc=example,dc=com. This field is required unless the directory service has been configured to allow anonymous search. Separate DN values with commas.
b. Type the key attribute. The default value is common name (cn).
c. Type the object class. The default value is person.
d. Type the full name attribute. The default value is surname (sn).
e. Click Next.
9. The Specify LDAP Group Schema window will open.
a. Type the base distinguished name (DN) from which to begin searches, for example ou=groups,dc=example,dc=com. This field is required unless the directory service has been configured to allow anonymous search. Separate DN values with commas.
b. Type the object class. The default value is group.
c. Type the member attribute. The default value is member.
d. Type the username member attribute. This attribute holds only the username, not the full LDAP object DN. The user’s group membership will be located using this attribute in addition to the member attribute. It is used primarily with NIS-style schemas (for example, memberUid in a posixGroup entry).
e. Click Next.
10. The Select Browsing Method window will open.
Click Browse Anonymously to browse users on the external LDAP authentication server.
-or-
Click Browse with User Credentials to browse users on the external LDAP authentication server using credentials of an account configured on that server. If this option is selected, do the following:
a. Type a login ID in the User Name field, in one of two forms: a fully qualified distinguished name or the username of an account in the base user DN. Use a dedicated, read-only directory account for this purpose; the HMX Manager stores its password in order to browse.
b. Type the password for the LDAP user account in the Password field.
c. Click Next.
11. The Establish Connection with Authentication Service window will open briefly. If the external authentication service is added successfully, the Completed Successful window will open.
12. Click Finish. The User Authentication Services window will open with the new service listed.
To change connection settings for the LDAP external authentication service:
1. Click the Users tab.
2. Click Authentication Services in the top navigation bar. The User Authentication Services window will open.
3. Click the name of the LDAP service. The side navigation bar will change to include the name of the LDAP service at the top and, below the name, the information you may define.
4. Click Connection in the side navigation bar. The Authentication Service Connection Settings - LDAP window will open.
5. Type a name in the Service Name field to change the name of the service that appears in the Name column of the User Authentication Services window.
6. Type the address of the LDAP host in dotted-decimal format (xxx.xxx.xxx.xxx), or its DNS host name, in the Host Address field.
7. Type the number of the port you wish to use for connecting to the LDAP host in the Port Number field.
8. Specify a Secure Socket Layer (SSL) encryption mode:
• Click Do Not Use SSL to have authentication performed in unencrypted clear text instead of over SSL. This is the least secure option: the bind credentials and every directory query cross the network unencrypted. It automatically sets the Port Number field to the default port, 389.
• Click Use SSL in Trust All Mode to encrypt the connection with SSL. Every server certificate is trusted and accepted automatically by the HMX Manager, so the session is encrypted but the identity of the LDAP server is never verified; anything able to intercept the connection can present its own certificate and impersonate the directory. This mode provides medium security and automatically sets the Port Number field to the default port, 636. This encryption mode is not recommended for wide area networks (WANs).
• Click Use SSL in Certificate-based Trust Mode to encrypt the connection with SSL and have the HMX Manager verify the server and then its certificate before transmitting data. This mode provides maximum security and automatically sets the Port Number field to the default port, 636.
9. Click Save to save your changes.
If you selected Use SSL in Certificate-based Trust Mode, the Certificates heading will appear in the side navigation bar. Go to step 10.
If you selected Do Not Use SSL or Use SSL in Trust All Mode, go to step 17.
10. Click Certificates. The Authentication Service Certificate Management - LDAP window will open and list all servers that belong to the domain. A status of Trusted indicates the certificate is trusted under the certificate policy; Untrusted indicates the certificate cannot be trusted. Before registering an Untrusted certificate, confirm out of band (for example, with the directory administrator) that it is the one the LDAP server actually presents; registering whatever appears in the list would trust an impostor just as readily as the real server.
11. To register certificates, click the checkbox to the left of the server IP address(es). To select all server IP addresses on the page, click the checkbox to the left of the IP Address heading.
12. Click Register to register the certificates. The Accept SSL Certificate window will appear.
13. Click Save to store the certificate values in the HMX Manager database on the host.
The Certificate Management window will open if only one certificate was selected. If more than one certificate was selected, each will appear in turn in subsequent Accept SSL Certificate windows.
14. To unregister one or more certificates, click the checkbox to the left of the server IP address(es). To select all server IP addresses on the page, click the checkbox to the left of the IP Address heading.
15. Click Unregister to unregister the certificates.
16. A confirmation message box will appear. Confirm or cancel the operation.
17. Click Close. The User Authentication Services window will open.
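The three SSL modes offered in the connection settings (both in the add wizard and in the change-connection procedure above) correspond to standard TLS client policies. The following added example, which is not HMX Manager code, expresses each mode with Python's ssl module and provides a pre-check that dials an LDAPS host under the certificate-based policy and reports why a chain is rejected, so the problem can be fixed before the service is saved. The mode names, the verify_ldaps_endpoint helper and the use of the system trust store when no CA file is supplied are this example's assumptions.

```python
"""Added example: the HMX Manager SSL modes expressed as TLS client policy.

Not HMX Manager code. Each mode from the Connection Settings window is mapped
onto the equivalent ssl module settings so an administrator can test an LDAP
host with the same trust policy before saving it.
"""
import socket
import ssl
import sys

# Default ports the wizard fills in for each mode (values from the manual).
DEFAULT_PORTS = {"none": 389, "trust_all": 636, "cert_trust": 636}


def tls_context(mode, ca_file=None):
    """Return an SSLContext for the given mode, or None for clear text.

    mode:    "none"       Do Not Use SSL
             "trust_all"  Use SSL in Trust All Mode
             "cert_trust" Use SSL in Certificate-based Trust Mode
    ca_file: PEM bundle to trust in cert_trust mode. Assumption: when it is
             omitted the system trust store is used.
    """
    if mode == "none":
        return None                      # bind password and queries go in clear text
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    if mode == "trust_all":
        # Encrypts the session but skips chain and hostname validation, so any
        # certificate, including one minted by an interceptor, is accepted.
        ctx.check_hostname = False       # must be cleared before CERT_NONE
        ctx.verify_mode = ssl.CERT_NONE
    elif mode == "cert_trust":
        # Chain must validate and the certificate must name the host we dial.
        if ca_file is not None:
            ctx.load_verify_locations(cafile=ca_file)
        ctx.check_hostname = True
        ctx.verify_mode = ssl.CERT_REQUIRED
    else:
        raise ValueError(f"unknown mode {mode!r}")
    return ctx


def verify_ldaps_endpoint(host, port=636, ca_file=None, timeout=5.0):
    """Dial host:port with the cert_trust policy and return (ok, reason).

    This mirrors the check the add wizard performs in step 6: a rejected chain
    comes back with the verifier's reason, which tells you which certificate
    you would be registering if you went ahead. Requires network access.
    """
    ctx = tls_context("cert_trust", ca_file)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                subject = dict(rdn[0] for rdn in tls.getpeercert()["subject"])
                return True, f"trusted chain; subject CN={subject.get('commonName')}"
    except ssl.SSLCertVerificationError as exc:
        return False, f"untrusted chain: {exc.verify_message}"
    except (OSError, ssl.SSLError) as exc:
        return False, f"connection failed: {exc}"


def describe(mode):
    """Human-readable summary of the policy a mode applies."""
    ctx = tls_context(mode)
    if ctx is None:
        return f"{mode}: port {DEFAULT_PORTS[mode]}, clear text"
    return (f"{mode}: port {DEFAULT_PORTS[mode]}, "
            f"verify_mode={ctx.verify_mode.name}, check_hostname={ctx.check_hostname}")


if __name__ == "__main__":
    for m in DEFAULT_PORTS:
        print(describe(m))
    # usage: python ldap_tls_check.py ldap.example.com [ca.pem]
    if len(sys.argv) > 1:
        ca = sys.argv[2] if len(sys.argv) > 2 else None
        print(verify_ldaps_endpoint(sys.argv[1], ca_file=ca))
```

Run it against the directory host before choosing a mode: a result of "untrusted chain" with a reason such as a self-signed certificate means Certificate-based Trust Mode will need the server's certificate registered in step 12, while a clean result means the chain already validates and nothing needs to be accepted by hand.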
To change user schema settings for the LDAP external authentication service:
1. Click the Users tab.
2. Click Authentication Services in the top navigation bar. The User Authentication Services window will open.
3. Click the name of the LDAP service. The side navigation bar will change to include the name of the LDAP service at the top and, below the name, the information you may define.
4. Click Schema in the side navigation bar. Users will automatically be selected and the Authentication Service User Schema - LDAP window will open.
5. Type the base distinguished name (DN) from which to begin searches. This field is required unless the directory service has been configured to allow anonymous search. Separate DN values with commas.
6. Type the key attribute. The default value is common name (cn).
7. Type the object class. The default value is person.
8. Type the full name attribute for the user. The default value is surname (sn).
9. Click Save and then click Close. The User Authentication Services dialog box will appear.
To change group schema settings for the LDAP external authentication service:
1. Click the Users tab.
2. Click Authentication Services in the top navigation bar. The User Authentication Services window will open.
3. Click the name of the LDAP service. The side navigation bar will change to include the name of the LDAP service at the top and, below the name, the information you may define.
4. Click Schema in the side navigation bar, and then click Groups. The Authentication Service Group Schema - LDAP window will open.
5. Type the base distinguished name (DN) from which to begin searches. This field is required unless the directory service has been configured to allow anonymous search.
6. Type the object class. The default value is groupOfNames.
7. Type the members attribute. The default value is member.
8. Type the username member attribute. This attribute holds only the username, not the full LDAP object DN. The user’s group membership will be located using this attribute in addition to the member attribute. It is used primarily with NIS-style schemas.
9. Click Save and then click Close. The User Authentication Services dialog box will appear.
To change user browsing settings for the LDAP external authentication service:
1. Click the Users tab.
2. Click Authentication Services in the top navigation bar. The User Authentication Services window will open.
3. Click the name of the LDAP service. The side navigation bar will change to include the name of the LDAP service at the top and, below the name, the information you may define.
4. Click User Browsing in the side navigation bar. The Authentication Service User Browsing - LDAP window will open.
5. Click Browse Anonymously to browse users on the external LDAP authentication server.
-or-
Click Browse with User Credentials to browse users on the external LDAP authentication server using credentials of an account configured on that server. If this option is selected, do the following:
a. Type a login ID in the User Name field, in one of two forms: a fully qualified distinguished name or the username of an account in the base user DN.
b. Type the password for the LDAP user account in the Password field.
6. Click Save and then click Close. The User Authentication Services dialog box will appear.
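The user schema, group schema and user browsing settings above name the pieces of a directory query (base DN, key attribute, object class, member and username-member attributes, and the two forms the browsing login ID may take) without showing the searches that result. The following added example, which is not HMX Manager code, assembles those searches from the same settings. The query shapes are this example's assumption about the product, since the manual does not publish them; the escaping rules are the standard ones (RFC 4515 for filter values, RFC 4514 for DN values) and are what prevents a username containing filter syntax from widening a search. The UserSchema and GroupSchema names and the example DNs are constructed for illustration.

```python
"""Added example: turning the LDAP schema settings into directory searches.

Not HMX Manager code. The query shapes below are conventional for the listed
settings and are an assumption about the product; the escaping is RFC 4515
(filters) and RFC 4514 (DNs).
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class UserSchema:
    base_dn: str
    key_attr: str = "cn"           # wizard default
    object_class: str = "person"   # wizard default
    full_name_attr: str = "sn"     # wizard default


@dataclass
class GroupSchema:
    base_dn: str
    object_class: str = "group"    # wizard default
    member_attr: str = "member"    # wizard default
    username_member_attr: Optional[str] = None   # e.g. memberUid for posixGroup


def escape_filter(value: str) -> str:
    """RFC 4515 escaping for a value placed inside a search filter."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)


def escape_dn_value(value: str) -> str:
    """RFC 4514 escaping for an attribute value used inside a DN."""
    out = "".join("\\" + ch if ch in '\\,+"<>;' else ch for ch in value)
    if out.startswith(("#", " ")):
        out = "\\" + out
    if out.endswith(" "):
        out = out[:-1] + "\\ "
    return out


def user_search(schema: UserSchema, username: str):
    """(base, filter, attributes) that locate one user by the key attribute."""
    flt = (f"(&(objectClass={schema.object_class})"
           f"({schema.key_attr}={escape_filter(username)}))")
    return schema.base_dn, flt, [schema.key_attr, schema.full_name_attr]


def group_search(schema: GroupSchema, user_dn: str, username: str):
    """(base, filter) that find the groups a user belongs to.

    DN-based membership (member=<user DN>) is always checked; when a
    username-member attribute is configured it is ORed in, which is how
    NIS-style directories record membership by bare username.
    """
    clauses = [f"({schema.member_attr}={escape_filter(user_dn)})"]
    if schema.username_member_attr:
        clauses.append(f"({schema.username_member_attr}={escape_filter(username)})")
    members = clauses[0] if len(clauses) == 1 else "(|" + "".join(clauses) + ")"
    return schema.base_dn, f"(&(objectClass={schema.object_class}){members})"


def bind_dn(schema: UserSchema, login_id: str) -> str:
    """Resolve the browsing login ID: a full DN is used as given, a bare
    username is placed under the user base DN using the key attribute."""
    if "=" in login_id:
        return login_id
    return f"{schema.key_attr}={escape_dn_value(login_id)},{schema.base_dn}"


if __name__ == "__main__":
    users = UserSchema("ou=people,dc=example,dc=com")           # constructed
    groups = GroupSchema("ou=groups,dc=example,dc=com",
                         object_class="posixGroup", username_member_attr="memberUid")
    print(user_search(users, "jdoe"))
    print(user_search(users, "jdoe)(cn=*"))     # injection attempt stays literal
    print(group_search(groups, "cn=jdoe,ou=people,dc=example,dc=com", "jdoe"))
    print(bind_dn(users, "svc,browse"))
    print(bind_dn(users, "cn=admin,dc=example,dc=com"))
```

The second user_search call shows why the escaping matters: a login of `jdoe)(cn=*` typed into an unescaped filter would close the cn clause and match every person under the base DN, whereas the escaped filter searches for that literal string and matches nothing.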