3PAR InForm® OS 2.2.4 CLI Administrator's Manual (320-200113 Rev A, March 2009)

4.13

LDAP Connection

InForm OS Version 2.2.4 3PAR InForm OS CLI Administrator’s Manual

 The example above corresponds to step 6 on page 4.11, and shows that 3PARuser is a

member of the following hierarchy of groups:

 Engineering

 Software

 Eng

 Golfers

 In this example, 3PARuser is not yet authenticated or authorized because 3PARuser’s group-

to-privilege mapping has not been configured.

4.3.1.4 Configuring Group-To-Privilege Mapping Parameters

Once you have configured the group location parameters, you must now decide what privilege

you wish to assign the users for a given group. To configure group-to-privilege mapping:

1 Issue the

setauthparam <privilege_map> <group> command, where:

 <privilege_map> is one of:

 super-map - provides super level privileges within the specified group.

 service-map - provides service level privileges within the specified group.

 edit-map - provides edit level privileges within the specified group.

 browse-map - provides browse level privileges within the specified group.

 <group> is the group to which the user has membership, as displayed with the

checkpassword command. You can specify multiple groups. For Active Directory, the

group is displayed as a string of information as shown in the following example:

CN=Software,CN=Users,DC=ACME,DC=com

2 Repeat step 1 above if you wish to assign users a different privilege level for another group

to which that user has membership.

3 Issue the

checkpassword command to verify that the users have the privilege(s) you

assigned for the desired group(s). Use a member of a specific group to verify the privilege.