3PAR InForm® OS 2.2.4 CLI Administrator's Manual (320-200113 Rev A, March 2009)

In the example above:
User 3PARuser is found to be a member of the software group and is assigned super level privileges within the system.
Although 3PARuser is also a member of the engineering and hardware groups, the super privilege associated with the software group supersedes the edit and browse privileges associated with the engineering and hardware groups.
The mapping rules set for 3PARuser are applied to all members of the software, engineering, and hardware groups; all software group members have super privileges within the system, all engineering group members have edit privileges within the system, and all hardware group members have browse privileges within the system.
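
The resolution rule described above, written out as an added example (it is not code from the manual or from 3PAR). It resolves each user's effective privilege from the group mapping and lists the accounts that end up with super through group membership alone. The user names other than 3PARuser, the membership data, the case-insensitive group matching and the ranking of edit above browse are assumptions made for illustration; the manual states only that super supersedes both.

```python
# Added example: membership data and helper names are constructed for illustration.
# Assumed ordering; the manual states only that super supersedes edit and browse.
RANK = {"browse": 1, "edit": 2, "super": 3}

# Group-to-privilege mapping rules from the manual's example.
GROUP_MAP = {"software": "super", "engineering": "edit", "hardware": "browse"}


def effective_privilege(groups, group_map=GROUP_MAP):
    """Return (privilege, granting_group) for a group list, or (None, None)."""
    best = (None, None)
    for group in groups:
        name = group.lower()              # assumption: group names match case-insensitively
        priv = group_map.get(name)        # unmapped groups grant nothing
        if priv and (best[0] is None or RANK[priv] > RANK[best[0]]):
            best = (priv, name)
    return best


def audit_super(memberships, group_map=GROUP_MAP, allowed_super=frozenset()):
    """Return sorted (user, group) pairs that resolve to super but are not allow-listed."""
    findings = []
    for user, groups in memberships.items():
        priv, via = effective_privilege(groups, group_map)
        if priv == "super" and user not in allowed_super:
            findings.append((user, via))
    return sorted(findings)


# Constructed directory export: user -> groups the LDAP server reports.
MEMBERSHIPS = {
    "3PARuser": ["software", "engineering", "hardware"],
    "alice": ["engineering", "hardware"],
    "bob": ["hardware"],
    "carol": ["Software"],
    "dave": ["finance"],
}

if __name__ == "__main__":
    for user, groups in MEMBERSHIPS.items():
        print(user, effective_privilege(groups))
    print("unexpected super:", audit_super(MEMBERSHIPS, allowed_super={"3PARuser"}))
```

Because a mapping rule applies to every member of the group, running a check like this against a directory export before mapping a group to super shows who would gain that level.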
4.4 LDAP Connection on Systems Using Domains
LDAP is also available for systems using 3PAR Virtual Domains for access control. The
configuration process is nearly identical to configuring LDAP on non-domain systems, with the
only difference being an additional authorization step to map a user’s group to a domain. For
information about LDAP and domains, see Chapter 4, LDAP, in the InForm OS Concepts Guide.
To configure your InServ Storage Server to use an Active Directory LDAP server using SASL
binding, the following process must be performed (detailed instructions follow):
Configure connection parameters using the following commands:
setauthparam ldap-server <IP_address>
setauthparam ldap-server-hn <DNS_HostName>
setauthparam kerberos-realm <LDAP_ServiceName>
Configure binding (authentication) parameters using the following commands:
setauthparam binding sasl
setauthparam sasl-mechanism <SASL_type>
Configure account location parameters using the following commands:
setauthparam accounts-dn <DN_path>
setauthparam account-obj user