3PAR InForm® OS 2.3.1 Concepts Guide (320-200112 Rev B, February 2010)
4.3 LDAP Server Data Organization
LDAP server data consists of user information, which includes the user’s group associations.
Data can be previously existing data used for user account information, or can be data created
for specific use with InServ Storage Servers. Data on the LDAP server can be organized in two
different ways:
■ As a list of groups associated with each user.
■ As a list of users associated with each group.
The form in which data is organized is dependent on the type of LDAP server used and the
tools used to maintain the data. Programs such as ldp.exe, which is a downloadable
Windows Support Tool available from Microsoft, and ldapsearch, which is available for many
Unix and Linux systems, can be used to view data entries in the LDAP server. This can be useful
when configuring the InForm OS LDAP client with your LDAP server as discussed in Chapter 4,
Managing User Accounts and Connections, in the InForm OS CLI Administrator’s Manual.
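The following is an added example, not part of the 3PAR guide: it parses ldapsearch-style LDIF output and resolves a user's groups under both organizations described above, reporting which form supplied each result. The attribute names memberOf and member, the groupOfNames object class, and every DN are assumptions chosen for illustration (typical of Active Directory and OpenLDAP schemas); check the entries on your own server for the names it actually uses.

```python
# Constructed sample, shaped like ldapsearch output (all DNs are made up).
SAMPLE_LDIF = """\
dn: cn=alice,ou=people,dc=example,dc=com
objectClass: user
memberOf: cn=storage-admins,ou=groups,dc=example,dc=com
memberOf: cn=auditors,ou=groups,dc=example,dc=com

dn: cn=bob,ou=people,dc=example,dc=com
objectClass: inetOrgPerson

dn: cn=storage-browse,ou=groups,dc=example,dc=com
objectClass: groupOfNames
member: cn=bob,ou=people,dc=example,dc=com
member: cn=alice,ou=people,dc=example,dc=com
"""

def parse_ldif(text):
    """Parse simple LDIF (no base64 '::' values) into {dn: {attr: [values]}}."""
    entries = {}
    for block in text.strip().split("\n\n"):
        lines = []
        for raw in block.splitlines():
            if raw.startswith(" ") and lines:      # folded continuation line
                lines[-1] += raw[1:]
            elif raw and not raw.startswith("#"):  # skip comments and blanks
                lines.append(raw)
        attrs = {}
        for line in lines:
            name, _, value = line.partition(": ")
            attrs.setdefault(name.lower(), []).append(value)
        if "dn" in attrs:                          # DNs lowercased: simplified matching
            entries[attrs["dn"][0].lower()] = attrs
    return entries

def groups_for_user(entries, user_dn):
    """Return (group DNs, forms) where forms names the organization(s) that matched."""
    user_dn = user_dn.lower()
    found, forms = set(), set()
    # Form 1: a list of groups stored on the user entry (assumed attribute: memberOf).
    for group_dn in entries.get(user_dn, {}).get("memberof", []):
        found.add(group_dn.lower())
        forms.add("groups-per-user")
    # Form 2: a list of users stored on each group entry (assumed attribute: member).
    for dn, attrs in entries.items():
        if user_dn in (m.lower() for m in attrs.get("member", [])):
            found.add(dn)
            forms.add("users-per-group")
    return sorted(found), sorted(forms)
```

A user whose groups appear under only one form, like bob in the sample, is missed entirely by a lookup that checks the other form, which is why the organization must be known before mapping groups to privileges.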
4.4 LDAP and Domains
LDAP is also available for InServ Storage Servers using 3PAR Virtual Domains for access control.
As discussed in Chapter 5, 3PAR Virtual Domains, the Domains facility enables finer grain
privileges over system objects such as volumes and hosts. Accessing objects on InServ servers
configured to use 3PAR Virtual Domains requires privileges in the domain in which those
objects reside. Because the configuration of Domains can differ within an InServ Storage
Server, or from one server to another (in configurations with multiple servers), a user can have
differing privileges between domains in a single system, or across multiple systems.
As discussed earlier in LDAP Users on page 4.3, LDAP users must follow a process of
authentication and authorization in order to gain access to the InServ system. With Domains in
use, in addition to authentication with the InServ Storage Server, LDAP users must also be
authorized to access domains set up within the system. For additional information, see LDAP
Authentication and Authorization on page 4.5.
For instructions on setting up LDAP users on systems using Domains, see Chapter 4, Managing
User Accounts and Connections in the InForm OS CLI Administrator’s Manual.