3PAR InForm® OS 2.3.1 CLI Administrator's Manual (320-200180 Rev B, February 2010)

4.8

LDAP Connection

3PAR InForm CLI Administrator’s Manual InForm OS Version 2.3.1

 To set a user’s current domain, issue the setclienv currentdomain <domain_name>

command, where

<domain_name> is the domain you wish to set as the working domain

for the current CLI session.

4.2.6 Removing a User’s Current Domain

To remove a user’s current domain, issue the setclienv currentdomain -unset

command.

4.3 LDAP Connection

The InForm OS provides an LDAP client that can be configured to use an LDAP server for

authentication and authorization of InServ Storage Server users. Currently, the only supported

LDAP server implementation is Active Directory.

An LDAP user is similar to a local user, however an LDAP user is authenticated and authorized

using information from an LDAP server. Additionally, LDAP users’ privileges within the system

are tied to the groups to which the users belong.

Authentication is the process of using data from the LDAP server to verify a user’s name and

the supplied password. Authorization is the process of using data from the LDAP server to

determine the user’s group membership and privileges in the InServ system.

By default, LDAP users cannot store an SSH public key using the InForm CLI

setsshkey

command. Instead, LDAP users can use the

setsshkey command by using the allow-ssh-

key

parameter with the setauthparam command. Assigned privileges, domains, and access

to the InServ system continues as when the setsshkey command was issued, regardless of

any changes to the user’s data in the LDAP server. For more information about using LDAP with

InServ Storage Servers, see the InForm OS Concepts Guide.

NOTE: When issuing the setclienv currentdomain -unset command, you

are not returned to your default domain.