Login authentication

Directory server usage in the Server Setup dialog box must be selected when authenticating Asset Information Manager Subset logins by linking to Active Directory. For details about the settings in the Server Setup dialog box, see 10.2.4 Setting the link with Directory Server.

Setting the link with Directory Server

You must look up the information you need to enter in the Server Setup dialog box before you begin.

Reference note

Finding the information you will need to enter is discussed below.

Log into the computer running Active Directory as a user with administrator permission.
Execute the Active Directory LDIFDE command to output the DN information showing the users who can login.
The command to execute is shown below.
ldifde -u -p Subtree -r "objectclass=user" -l dn -f out11.txt
Information is written to out11.txt as follows.
dn: CN=Administrator,CN=Users,DC=Sample,DC=co,DC=jp changetype: add dn: CN=Guest,CN=Users,CN=Users,DC=Sample,DC=co,DC=jp changetype: add :
Using this information, specify the domain names of the users who will use the Asset Information Manager Subset connection in the Server Setup dialog box's Access user field.
Execute the Active Directory LDIFDE command to output the domain name information of the group to be searched for users when the Asset Information Manager Subset login is authenticated.
The command to execute is shown below.
ldifde -u -p SUBTree -r "(objectclass=organizationalUnit)" -l dn -f out22.txt
Information is written to out22.txt as follows.
dn: OU=Domain Controllers, DC=Sample,DC=co,DC=jp changetype: add dn: OU=people, DC=Sample,DC=co,DC=jp changetype: add dn: OU=hitachi,OU=people, DC=Sample,DC=co,DC=jp changetype: add :
Using this information, specify the domain name of the group to be searched for users when authenticating Asset Information Manager Subset login in the Server Setup dialog box's User information DN field.

Execute the Active Directory LDIFDE command to output the attribute information of the user information to be used for authenticating Asset Information Manager Subset login.
The command to execute is shown below.
ldifde -u -p Subtree -r "cn=Administrator" -f out33.txt
Information is written to out33.txt as follows.

dn: CN=user1,OU=design3,OU=hitachi,OU=people, DC=Sample,DC=co,DC=jp
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: user1
sn: customerA
telephoneNumber: 030303
givenName: user1
distinguishedName:
CN=user1,OU=design3,OU=hitachi,OU=people, DC=Sample,DC=co,DC=jp
instanceType: 4
    :
displayName: customerA user1
uSNCreated: 376915
uSNChanged: 487476
name: user1
uid: user1
mail: a-user1@sample.co.jp
    :

Using this information, specify the attribute name to be used as the user ID when authenticating Asset Information Manager Subset login in the Server Setup dialog box's User ID attribute name field. Also specify the attribute name to be recognized as the user name by Asset Information Manager Subset in the Server Setup dialog box's User name attribute name field.

Note: The only item that can be provided when authenticating login using Active Directory is the password. User group information must be managed in the Asset Information Manager Subset user information.

All Rights Reserved. Copyright (C) 2009, 2013, Hitachi, Ltd.
Copyright, patent, trademark, and other intellectual property rights related to the "TMEng.dll" file are owned exclusively by Trend Micro Incorporated.

10.10.1 Login authentication