3PAR InForm® OS 2.3.1 Concepts Guide (320-200112 Rev B, February 2010)
4.1.2 OpenLDAP
OpenLDAP is an open source implementation of LDAP directory services developed by the
OpenLDAP Project. OpenLDAP includes a server, client library, and tools that are available for a
wide variety of operating systems. Different schemas can be used for user and group
information with OpenLDAP. For example, the Posix schema is typically used for user and
group information in Linux/Unix systems.
4.2 LDAP Users
Users created with the InForm CLI who access the InServ Storage Server using InForm CLI clients, or with SSH, are authenticated and authorized directly on the InServ Storage Server. These users are referred to as local users. An LDAP user is similar to a local user; however, an LDAP user is authenticated and authorized using information from an LDAP server.
During authentication, if a user name is not recognized as a local user, that user’s name and password are checked on the LDAP server. A user who exists as both a local user and an LDAP user with the same user name is authenticated by the InServ Storage Server. That is, the local user’s authentication data takes precedence over the user’s LDAP authentication data. User names not associated with local user names are authenticated using LDAP data.
Additionally, for local users, the password supplied during authentication must match the password assigned when that user was initially created or modified. The privileges assigned to the user during authorization are the same privileges associated with the user class assigned when that user was initially created or modified. See Chapter 3, InServ Storage Server Users, for additional information about user types and user classes. The LDAP server is not used for any additional password checking or assigning of privileges for local users.
LDAP users can access the InServ server using the same methods as local users, although some user account creation and modification operations are unavailable. LDAP users’ access is limited to the system they were logged into when they saved their password. For instructions on using LDAP with the InServ Storage Server, refer to the 3PAR InForm OS CLI Administrator’s Manual.
Another key difference between local users and LDAP users is that a local user’s privileges
within the InServ system are assigned on a case-by-case basis. An LDAP user’s privileges are
dependent on that user’s group association. In other words, groups are assigned specific
privileges within the InServ system and an individual LDAP user’s privileges are dependent
upon group membership.
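The following is an added illustration of the two rules this section describes: a local user name shadows an LDAP user of the same name (the LDAP server is never consulted for it), and an LDAP user’s privileges come only from a group-to-class mapping. It is example code written for this guide, not 3PAR InForm OS code. The user table, the dictionary standing in for the LDAP directory, the group DNs and the user-class names ("super", "edit", "browse") are all constructed assumptions; a real deployment binds to the directory rather than reading a dictionary.

```python
"""Example of local-before-LDAP authentication and group-based LDAP
authorization. Not 3PAR code; all data below is constructed."""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class LocalUser:
    name: str
    salt: bytes
    pw_hash: bytes
    user_class: str  # class assigned when the user was created or modified


def _hash_password(password: str, salt: bytes) -> bytes:
    # Local passwords are stored salted and stretched, never in clear text.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_local_user(name: str, password: str, user_class: str) -> LocalUser:
    salt = os.urandom(16)
    return LocalUser(name, salt, _hash_password(password, salt), user_class)


# Constructed local user table (names, passwords and classes are examples).
LOCAL_USERS = {
    u.name: u
    for u in (
        make_local_user("admin", "local-secret", "super"),
        make_local_user("auditor", "read-only-pw", "browse"),
    )
}

# Constructed stand-in for the LDAP server: user -> (password, group DNs).
# Note "admin" also exists here with a different password.
LDAP_DIRECTORY = {
    "admin": ("directory-pw", ["cn=storage-admins,ou=groups,dc=example,dc=com"]),
    "jdoe": ("jdoe-pass", ["cn=storage-operators,ou=groups,dc=example,dc=com"]),
    "guest": ("guest-pass", ["cn=everyone,ou=groups,dc=example,dc=com"]),
}

# Assumed mapping from LDAP group to user class. Groups not listed here
# confer no privileges at all.
GROUP_TO_CLASS = {
    "cn=storage-admins,ou=groups,dc=example,dc=com": "super",
    "cn=storage-operators,ou=groups,dc=example,dc=com": "edit",
}


def ldap_bind(name: str, password: str) -> bool:
    """Simulated LDAP bind: true only if the name exists and the password matches."""
    entry = LDAP_DIRECTORY.get(name)
    return entry is not None and hmac.compare_digest(entry[0], password)


def ldap_groups(name: str) -> List[str]:
    """Simulated group lookup for a user that has already bound successfully."""
    return LDAP_DIRECTORY[name][1]


def authenticate(name: str, password: str) -> Optional[Tuple[str, str]]:
    """Return (source, user_class) on success, or None if access is denied.

    source is "local" or "ldap", showing which data authenticated the user.
    """
    local = LOCAL_USERS.get(name)
    if local is not None:
        # A local user name takes precedence: its stored password is the only
        # one checked, and LDAP is not consulted even if it knows this name.
        if hmac.compare_digest(_hash_password(password, local.salt), local.pw_hash):
            return ("local", local.user_class)
        return None

    # Not a local user: name and password are checked on the LDAP server.
    if not ldap_bind(name, password):
        return None

    # Privileges for an LDAP user depend solely on group membership.
    for group in ldap_groups(name):
        user_class = GROUP_TO_CLASS.get(group)
        if user_class is not None:
            return ("ldap", user_class)
    return None  # bound successfully, but no group grants a user class


if __name__ == "__main__":
    for user, pw in (("admin", "local-secret"), ("admin", "directory-pw"),
                     ("jdoe", "jdoe-pass"), ("guest", "guest-pass")):
        print(user, "->", authenticate(user, pw))
```

The second probe in the usage block is the one worth noticing: "admin" with the directory password is refused, because the local account of that name shadows the LDAP entry. Likewise "guest" binds successfully but is denied, since membership in an unmapped group grants no user class.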