3PAR InForm® OS 2.2.4 CLI Administrator's Manual (320-200113 Rev A, March 2009)
4.3 LDAP Connection
The InForm OS provides an LDAP client that can be configured to use an LDAP server for
authentication and authorization of InServ Storage Server users. Currently, the only supported
LDAP server implementation is Active Directory.
An LDAP user is similar to a local user; however, an LDAP user is authenticated and authorized
using information from an LDAP server. Additionally, LDAP users’ privileges within the system
are tied to the groups to which the users belong.
Authentication is the process of using data from the LDAP server to verify a user’s name and
supplied password. Authorization is the process of using data from the LDAP server to
determine the user’s group membership and, subsequently, privileges in the InServ system. For
detailed information about LDAP authorization and authentication processes, see
Chapter 4, LDAP, in the InForm OS Concepts Guide.
4.3.1 Active Directory LDAP Configuration with SASL Binding
To configure your InServ Storage Server to use Active Directory with SASL binding, the
following process must be performed (detailed instructions follow):
Configure connection parameters using the following commands:
    setauthparam ldap-server <IP_address>
    setauthparam ldap-server-hn <DNS_HostName>
    setauthparam kerberos-realm <LDAP_ServiceName>
Configure binding (authentication) parameters using the following commands:
    setauthparam binding sasl
    setauthparam sasl-mechanism <SASL_type>
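The following pre-flight check is an added example, not part of the 3PAR manual: it validates planned values and emits the five setauthparam commands listed above. The function name, the sample address and host names, and the set of accepted SASL mechanism names are assumptions to confirm against your InForm OS release.

```python
import ipaddress
import re

# Assumption: mechanism names the array accepts; confirm for your InForm OS release.
SASL_MECHANISMS = ("PLAIN", "DIGEST-MD5", "GSSAPI")
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def build_sasl_plan(ip, hostname, realm, mechanism):
    """Validate planned values; return (setauthparam commands, warnings)."""
    ipaddress.ip_address(ip)  # ValueError if not an IPv4/IPv6 literal
    labels = hostname.rstrip(".").split(".")
    if not all(_LABEL.match(label) for label in labels):
        raise ValueError(f"invalid DNS host name: {hostname!r}")
    mech = mechanism.upper()
    if mech not in SASL_MECHANISMS:
        raise ValueError(f"unknown SASL mechanism: {mechanism!r}")

    warnings = []
    if len(labels) < 2:
        warnings.append("ldap-server-hn is not fully qualified")
    if mech == "PLAIN":
        warnings.append("PLAIN passes the password itself to the server; "
                        "use it only over an encrypted connection")
    elif mech == "DIGEST-MD5":
        warnings.append("DIGEST-MD5 is obsolete (RFC 6331)")
    elif mech == "GSSAPI":
        if realm != realm.upper():
            warnings.append("Active Directory Kerberos realms are upper case")
        if not hostname.lower().rstrip(".").endswith("." + realm.lower()):
            warnings.append("host name is outside the realm's DNS domain")

    commands = [
        f"setauthparam ldap-server {ip}",
        f"setauthparam ldap-server-hn {hostname}",
        f"setauthparam kerberos-realm {realm}",
        "setauthparam binding sasl",
        f"setauthparam sasl-mechanism {mech}",
    ]
    return commands, warnings


if __name__ == "__main__":
    # Constructed sample values (RFC 5737 address, example.com names).
    cmds, notes = build_sasl_plan("192.0.2.10", "dc01.corp.example.com",
                                  "CORP.EXAMPLE.COM", "GSSAPI")
    print("\n".join(cmds + ["# " + n for n in notes]))
```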
NOTE: At the current time, support for the OpenLDAP directory implementation
with the InServ Storage Server is also available, but only on a limited basis. Check
with your local 3PAR service representative for updates on availability.