3PAR InForm® OS 2.2.4 CLI Administrator's Manual (320-200113 Rev A, March 2009)
LDAP Connection
The example above corresponds to step 2 on page 4.11 through step 5 on page 4.11.
The Users group within the 3par group is set as the basis for any user search when
authenticating with the LDAP server.
The values user, sAMAccountName, and memberOf for the account-obj,
account-name-attr, and memberof-attr parameters are typical of Active Directory
configurations.
InServ1 cli% setauthparam -f accounts-dn OU=Users,DC=3par,DC=com
InServ1 cli% setauthparam -f account-obj user
InServ1 cli% setauthparam -f account-name-attr sAMAccountName
InServ1 cli% setauthparam -f memberof-attr memberOf
InServ1 cli% checkpassword 3PARuser
password:
+ attempting authentication and authorization using system-local data
+ authentication denied: unknown username
+ attempting authentication and authorization using LDAP
+ using Kerberos configuration file:
    [domain_realm]
        domaincontroller.3par.com = NTDOM1.3PAR.COM
    [realms]
        NTDOM1.3PAR.COM = {
            kdc = 192.168.10.13
        }
+ temporarily setting name-to-address mapping: domaincontroller.3par.com -> 192.168.10.13
+ attempting to obtain credentials for 3PARuser@NTDOM1.3PAR.COM
+ connecting to LDAP server using URI: ldap://192.168.10.13
+ binding to user 3PARuser with SASL mechanism GSSAPI
+ searching LDAP using:
    search base: OU=Users,DC=3par,DC=com
    filter: (&(objectClass=user)(sAMAccountName=3PARuser))
    for attribute: memberOf
+ search result DN: CN=3PARuser,OU=Engineering,OU=Users,DC=3par,DC=com
+ search result: memberOf: CN=Software,CN=Users,DC=3par,DC=com
+ search result: memberOf: CN=Eng,CN=Users,DC=3par,DC=com
+ search result: memberOf: CN=Golfers,CN=Users,DC=3par,DC=com
+ authorization denied: no user groups match mapping rules
user 3PARuser is not authenticated or not authorized
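
The checkpassword trace above separates authentication (local lookup, Kerberos, LDAP bind) from authorization (group mapping). The following Python sketch is an added example, not part of the manual or of InForm OS; it parses an abridged copy of that trace to show which stage failed and which group DNs the server returned. The function names parse_checkpassword and diagnose are hypothetical.

```python
import re

# Trace lines copied (abridged) from the checkpassword output shown on this page.
TRACE = """\
+ authentication denied: unknown username
+ connecting to LDAP server using URI: ldap://192.168.10.13
+ binding to user 3PARuser with SASL mechanism GSSAPI
+ search result DN: CN=3PARuser,OU=Engineering,OU=Users,DC=3par,DC=com
+ search result: memberOf: CN=Software,CN=Users,DC=3par,DC=com
+ search result: memberOf: CN=Eng,CN=Users,DC=3par,DC=com
+ search result: memberOf: CN=Golfers,CN=Users,DC=3par,DC=com
+ authorization denied: no user groups match mapping rules
"""

def parse_checkpassword(trace):
    """Collect the fields that distinguish an authentication failure from an authorization failure."""
    info = {"uri": None, "sasl": None, "user_dn": None, "groups": [], "denied": []}
    patterns = {
        "uri": re.compile(r"using URI: (\S+)"),
        "sasl": re.compile(r"SASL mechanism (\S+)"),
        "user_dn": re.compile(r"search result DN: (.+)"),
    }
    for raw in trace.splitlines():
        line = raw.lstrip("+ ").strip()   # drop the leading "+ " trace marker
        for key, pat in patterns.items():
            m = pat.search(line)
            if m:
                info[key] = m.group(1)
        m = re.match(r"search result: memberOf: (.+)", line)
        if m:
            info["groups"].append(m.group(1))
        m = re.match(r"(authentication|authorization) denied: (.+)", line)
        if m:
            info["denied"].append((m.group(1), m.group(2)))
    return info

def diagnose(info):
    """Classify the last denial recorded in the trace."""
    if not info["denied"]:
        return "no denial recorded"
    stage, reason = info["denied"][-1]
    if stage == "authorization" and info["user_dn"]:
        return ("LDAP bind and search succeeded; none of the %d groups "
                "returned is named in a mapping rule" % len(info["groups"]))
    return "%s failed: %s" % (stage, reason)

if __name__ == "__main__":
    print(diagnose(parse_checkpassword(TRACE)))
```

The first denial in the trace (local lookup, unknown username) is expected for an LDAP-only account; the final authorization denial is the one that determines the outcome.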