3PAR InForm® OS 2.3.1 CLI Administrator's Manual (320-200180 Rev B, February 2010)

4.3.1 Active Directory LDAP Configuration with SASL Binding
To configure your InServ Storage Server to use Active Directory with SASL binding, perform the
following process (detailed instructions follow):

1. Configure connection parameters using the following commands:
     setauthparam ldap-server <IP_address>
     setauthparam ldap-server-hn <DNS_HostName>
     setauthparam kerberos-realm <LDAP_ServiceName>

2. Configure binding (authentication) parameters using the following commands:
     setauthparam binding sasl
     setauthparam sasl-mechanism <SASL_type>

3. Configure account location parameters using the following commands:
     setauthparam accounts-dn <dn_path>
     setauthparam account-obj user
     setauthparam account-name-attr sAMAccountName
     setauthparam memberof-attr memberOf

4. Configure group-to-privilege mapping parameters using the following commands:
     setauthparam <privilege_map> <group>

5. Test the authentication/authorization for an Active Directory user account:
     checkpassword <user_name>

Each step in the process above is discussed in the following sections. Each section is followed by
an example showing the implementation of the instructions described.
As you will see, a single user is used to determine group hierarchies and path structures used in
the system, which are then used to complete the LDAP configuration.
NOTE: The examples used to illustrate the procedures described for Active
Directory LDAP configuration with SASL binding specifically use GSSAPI as the
SASL binding mechanism.
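
The following pre-change check is an added example, not part of the 3PAR manual: it reads a planned list of setauthparam commands and reports any parameter from the procedure above that is missing, left as a placeholder, or set to a value other than the one the procedure gives. Assumptions: the plan is a text file with one setauthparam command per line, privilege-map parameter names end in "-map", and the function names and sample values are hypothetical.

```python
import re

# Parameters the procedure sets for Active Directory with SASL binding.
REQUIRED = ["ldap-server", "ldap-server-hn", "kerberos-realm", "binding",
            "sasl-mechanism", "accounts-dn", "account-obj",
            "account-name-attr", "memberof-attr"]
# Values the procedure gives literally rather than as <placeholders>.
FIXED = {"binding": "sasl", "account-obj": "user", "memberof-attr": "memberOf"}

def parse_plan(text):  # {param: value} from 'setauthparam <param> <value>' lines
    params = {}
    for line in text.splitlines():
        tokens = line.split()
        if tokens[:1] != ["setauthparam"]:
            continue
        args = tokens[1:]
        while args and args[0].startswith("-"):  # skip option tokens, if any
            args = args[1:]
        if args:
            params[args[0]] = " ".join(args[1:])
    return params

def check_plan(text):  # list of problems; an empty list means the plan is complete
    params = parse_plan(text)
    problems = [f"missing: {n}" for n in REQUIRED if not params.get(n)]
    for name, want in FIXED.items():
        if params.get(name) and params[name] != want:
            problems.append(f"{name} should be {want!r}, found {params[name]!r}")
    # Assumption: privilege-map parameter names end in "-map".
    if not any(n.endswith("-map") for n in params):
        problems.append("missing: group-to-privilege mapping")
    for name, value in params.items():
        if re.search(r"<[^>]+>", value):
            problems.append(f"unfilled placeholder in {name}: {value}")
    return problems

# Constructed sample plan with deliberate gaps (addresses and names are made up).
SAMPLE_PLAN = """\
setauthparam ldap-server 192.0.2.10
setauthparam ldap-server-hn dc1.example.test
setauthparam binding simple
setauthparam sasl-mechanism GSSAPI
setauthparam accounts-dn <dn_path>
setauthparam account-obj user
setauthparam account-name-attr sAMAccountName
setauthparam memberof-attr memberOf
"""
if __name__ == "__main__":
    print("\n".join(check_plan(SAMPLE_PLAN)))
```

An empty result only shows that the plan is complete on paper; the checkpassword test in the final step is still what confirms that authentication and group mapping work against the directory.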