3PAR InForm® OS 2.2.4 CLI Administrator's Manual (320-200113 Rev A, March 2009)
4.31
LDAP Connection on Systems Using Domains
InForm OS Version 2.2.4 3PAR InForm OS CLI Administrator’s Manual
Example using only the domain-name-attr parameter:
The example above corresponds to the first bullet in step 2 on page 4.30. As shown,
name is
the attribute used as the basis of the domain name search.
The example above corresponds to step 3 on page 4.30 and displays the following:
3PARuser is found to be a member of the Software group with edit level privileges. The
Software group is mapped to the Software_Group domain. 3PARuser is assigned edit
level privileges within the Software domain.
InServ cli% setauthparam domain-name-attr name
InServ1 cli% checkpassword 3PARuser
...
+ search result: memberOf: CN=Software,CN=Users,DC=3par,DC=com
+ search result: memberOf: CN=Eng,CN=Users,DC=3par,DC=com
+ search result: memberOf: CN=Golfers,CN=Users,DC=3par,DC=com
+ mapping rule: edit mapped to by CN=Software,CN=Users,DC=3par,DC=com
+ rule match: edit mapped to by CN=Software,CN=Users,DC=3par,DC=com
+ mapping rule: browse mapped to by CN=Eng,CN=Users,DC=3par,DC=com
+ rule match: browse mapped to by CN=Eng,CN=Users,DC=3par,DC=com
+ searching LDAP using:
search base: CN=Software Group,CN=Users,DC=3par,DC=com
filter: (objectClass=group)
for attributes: name
+ search result DN: CN=Software Group,CN=Users,DC=3par,DC=com
+ search result: name: Software Group
+ group "CN=Software Group,CN=Users,DC=3par,DC=com" has potential domain
Software_Group (transformed from "Software Group")
+ searching LDAP using:
search base: CN=Eng,CN=Users,DC=hq,DC=3par,DC=com
filter: (objectClass=group)
for attributes: name
+ search result DN: CN=Eng,CN=Users,DC=hq,DC=3par,DC=com
+ search result: name: Engineering
+ group "CN=Eng,CN=Users,DC=hq,DC=3par,DC=com" has potential domain Engineering
+ domain match: Engineering mapped to browse
+ domain match: Software_Group mapped to edit
user 3PARuser is authenticated and authorized