HP Enterprise Directory supports a subset of the Simplified Access Control scheme from the 1993 edition of the standard. This allows administrators to define policies that control access rights (such as read, browse, modify, and remove) to entries and individual attributes within a particular part of the directory (naming context).
		
HP Enterprise Directory authenticates users by name and password. Access can also be restricted based on network address and for chained operations. HP Enterprise Directory v5.4 on Tru64 UNIX has been certified with the Entrust v5.0 security product.
		
In addition, HP Enterprise Directory v5.4 supports extensions to the schema object classes and attributes for the OpenVMS LDAP SYS$ACM Authentication Agent, as the first step in enabling network authentication across an OpenVMS environment.
			 
			 Authentication 
			 A user is authenticated by a distinguished name and password. 
			 
			 Access control 
			 Certain objects in the directory can have a prescriptive Access Control Information (ACI) attribute. Any subordinate object is protected by whatever prescriptive ACI protects the relevant branch of the Directory Information Tree. Combined with the distinguished name of an authenticated user, a prescriptive ACI can grant these kinds of access:

				- Read
				- Compare
				- Browse
				- Add
				- Modify
				- Remove
				- Filter match
				- Rename
				- Return DN
				- Disclose on error
			 
			Secure Sockets Layer (SSL) 
			 OpenVMS v7.3-2 and v8.2 offer the ability to use the SSL port negotiated by LDAPv3. On Tru64 UNIX, this port is available on systems that have the appropriate SSL object libraries installed.

			 HP Enterprise Directory v5.4 can use this port.
			 
			 Trust relationships 
			 You can use NCL to set up a trust relationship between two DSAs.
			 
			