3PAR InForm® OS 2.3.1 CLI Administrator's Manual (320-200180 Rev B, February 2010)

4.14
LDAP Connection
3PAR InForm CLI Administrator’s Manual InForm OS Version 2.3.1
The example above corresponds to step 6 on page 4.12, and shows that 3PARuser is a
member of the following hierarchy of groups:
Engineering
Software
Eng
Golfers
In this example, 3PARuser is not yet authenticated or authorized because 3PARuser’s group-
to-privilege mapping has not been configured.
InServ1 cli% checkpassword 3PARuser
password:
+ attempting authentication and authorization using system-local data
+ authentication denied: unknown username
+ attempting authentication and authorization using LDAP
+ using Kerberos configuration file:
[domain_realm]
domaincontroller.3par.com = NTDOM1.3PAR.COM
[realms]
NTDOM1.3PAR.COM = {
kdc = 192.168.10.13
}
+ temporarily setting name-to-address mapping: domaincontroller.3par.com ->
192.168.10.13
+ attempting to obtain credentials for 3PARuser@NTDOM1.3PAR.COM
+ connecting to LDAP server using URI: ldap://192.168.10.13
+ binding to user 3PARuser with SASL mechanism GSSAPI
+ searching LDAP using:
search base: OU=Users,DC=3par,DC=com
filter: (&(objectClass=user)(sAMAccountName=3PARuser))
for attribute: memberOf
+ search result DN: CN=3PARuser,OU=Engineering,OU=Users,DC=3par,DC=com
+ search result: memberOf: CN=Software,CN=Users,DC=3par,DC=com
+ search result: memberOf: CN=Eng,CN=Users,DC=3par,DC=com
+ search result: memberOf: CN=Golfers,CN=Users,DC=3par,DC=com
+ authorization denied: no user groups match mapping rules
user 3PARuser is not authenticated or not authorized