Hitachi

JP1 Version 12 JP1/Automatic Operation Configuration Guide 


3.2.4 Registering LDAP search information

Active Directory linkage uses simple authentication that requires DNs. In addition, LDAP search information is required to search for user information in Active Directory.

LDAP search information includes:

The LDAP search information that you must register depends on whether the entries for users who log in to JP1/AO are listed under a DN in the DIT (Directory Information Tree) structure. Therefore, first check the DIT structure, and then register the LDAP search information. In addition, if you specify group linkage, you must register LDAP search users regardless of the DIT structure.

  1. Check the DIT structure and determine the required tasks.

    • In the DIT structure, if the user entries of all users for whom you want JP1/AO to link with Active Directory are listed directly under a particular DN, there is no need to register LDAP search users.

      The following shows an example of the DIT structure for which there is no need to register LDAP search users.

      Figure 3‒1: Example of DIT structure (if there is no need to register LDAP search users)

      [Figure]

      In this example, there is no need to register LDAP search users because all user entries are listed directly under one DN (cn=Users,dc=example,dc=com). If there is no need to register LDAP search users, go to step 2.

      However, there is an exception even if the condition shown in this example is satisfied. Specifically, if the attribute value of the RDN does not match the JP1/AO user ID in the user entry of the same user, you need to register LDAP search users. In this case, go to step 3.

    • In the DIT structure, if the user entries of users for whom you want JP1/AO to link with Active Directory are listed under multiple DNs in Active Directory, you need to register LDAP search users.

      In a Windows environment, you cannot use Japanese for search user DNs.

      The following shows an example of the DIT structure for which you need to register LDAP search users.

      Figure 3‒2: Example of DIT structure (if you need to register LDAP search users)

      [Figure]

      In this example, you need to register LDAP search users because user entries are listed under two DNs (ou=Washington,dc=example,dc=com and ou=New York,dc=example,dc=com).

      If you need to register LDAP search users, go to step 3.

  2. Perform the task applicable if there is no need to register LDAP search users.

    Register information in the configuration file for external authentication server linkage according to the following table.

    Table 3‒6: Setting in the configuration file for external authentication server linkage (if there is no need to register LDAP search users)

    | Key name | Settings |
    |---|---|
    | auth.ldap.server-identifier#.attr | Attribute name of the user entry RDN |
    | auth.ldap.server-identifier#.basedn | DN one layer above the user entry |

    #: Register the settings defined for the auth.server.name key.

  3. Perform the task applicable if you need to register LDAP search users.

    • Execute the hcmds64ldapuser command to register LDAP search users.

    • Register information in the configuration file for external authentication server linkage according to the following table.

      Table 3‒7: Setting in the configuration file for external authentication server linkage (if you need to register LDAP search users)

      | Key name | Settings |
      |---|---|
      | auth.ldap.server-identifier#.attr | Attribute name with a user ID |
      | auth.ldap.server-identifier#.basedn | DN used as the search base point |

      #: Register the settings defined for the auth.server.name key.
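
The step 1 check can be run against an exported list of user DNs before the configuration file is edited. The following Python is an added example, not part of the original guide or of JP1/AO. The function names, the sample user IDs, the exact-match comparison between RDN value and user ID, and the use of the common ancestor DN as a candidate search base are assumptions.

```python
import re

def split_dn(dn):
    """Split a DN into RDNs on unescaped commas (multi-valued '+' RDNs not handled)."""
    return [part.strip() for part in re.split(r"(?<!\\),", dn)]

def common_ancestor(parent_rdn_lists):
    """Deepest DN above every entry; RDNs are compared case-insensitively."""
    shared = []
    for level in zip(*(reversed(rdns) for rdns in parent_rdn_lists)):
        if len({rdn.lower() for rdn in level}) != 1:
            break
        shared.append(level[0])
    return ",".join(reversed(shared))

def plan_ldap_settings(users, link_groups=False):
    """users maps JP1/AO user ID -> entry DN; returns (needs_search_user, reasons, settings)."""
    reasons, parents, attrs = [], [], set()
    for user_id, dn in users.items():
        rdn, *parent = split_dn(dn)
        attr, _, value = rdn.partition("=")
        parents.append(parent)
        attrs.add(attr.lower())
        # Assumption: "match" means an exact string match with the user ID.
        if value != user_id:
            reasons.append(f"RDN value {value!r} differs from user ID {user_id!r}")
    distinct = {",".join(p).lower() for p in parents}
    if len(distinct) > 1:
        reasons.append(f"user entries are listed under {len(distinct)} DNs")
    if len(attrs) > 1:
        # Inference, not stated on the page: one attr key cannot name two RDN attributes.
        reasons.append("user entries use different RDN attributes")
    if link_groups:
        reasons.append("group linkage is specified")
    # Step 2: basedn is the DN one layer above the entries, attr is the RDN attribute.
    # Step 3: basedn is a search base; the common ancestor is only a candidate here,
    # and attr (the attribute that holds the user ID) is left for the administrator.
    settings = {"attr": None if reasons else attrs.pop(),
                "basedn": common_ancestor(parents)}
    return bool(reasons), reasons, settings

# Constructed sample input using the DNs from Figures 3-1 and 3-2.
FLAT = {"alice": "cn=alice,cn=Users,dc=example,dc=com",
        "bob": "CN=bob,CN=Users,DC=example,DC=com"}
SPLIT = {"carol": "cn=carol,ou=Washington,dc=example,dc=com",
         "dave": "cn=dave,ou=New York,dc=example,dc=com"}
```

A `True` first element means step 3 applies (register a search user with hcmds64ldapuser); `False` means the returned `attr` and `basedn` are the step 2 values.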