HP 3PAR InForm OS 3.1.1 CLI Administrator's Manual
(-) under the Domain column. Otherwise, the domain to which the object belongs appears under
the Domain column.
• To view a user’s connection to the system, issue the showuserconn <ID> <user_name>
<IP_address> command, where:
◦ <ID> is the user’s numeric ID.
◦ <user_name> is the user’s assigned name.
◦ <IP_address> is the user’s IP address.
Refer to the HP 3PAR InForm OS Command Line Interface Reference for details about this command.
Removing User Connections
• To terminate a user’s connection to the system, issue the removeuserconn <ID>
<user_name> <IP_address> command, where:
◦ <ID> is the user’s numeric ID.
◦ <user_name> is the user’s assigned name.
◦ <IP_address> is the user’s IP address.
Refer to the HP 3PAR InForm OS Command Line Interface Reference for details about this command.
Configuring LDAP Connections
The InForm OS provides an LDAP client that can be configured to use an LDAP server for
authentication and authorization of system users. An LDAP user is similar to a local user; however,
an LDAP user is authenticated and authorized using information from an LDAP server. Additionally,
LDAP users’ rights within the system are tied to the groups to which the users belong.
Authentication is the process of using data from the LDAP server to verify a user’s name and the
supplied password. Authorization is the process of using data from the LDAP server to determine
the user’s group membership and rights in the system.
By default, LDAP users cannot store an SSH public key using the InForm OS CLI setsshkey
command. LDAP users can be permitted to use the setsshkey command through the allow-ssh-key
parameter of the setauthparam command. After a key is stored, the user’s assigned rights, domains,
and access to the system continue as they were when the setsshkey command was issued, regardless
of any changes to the user’s data in the LDAP server. For more information about using LDAP with
HP 3PAR Storage Systems, see the HP 3PAR InForm OS Concepts Guide.
CAUTION: Do not create local and LDAP users with the same name. If local and LDAP users have
the same name, it can cause confusion about where access is controlled.
CAUTION: If you are operating in Common Criteria mode, configure LDAP to do simple binding
over SSL. If you must use SASL binding, then only GSSAPI should be used in combination with
SASL. You must also disallow the use of SSH keys for authenticating LDAP users by setting the
allow-ssh-key parameter of the setauthparam CLI command to 0 when configuring the
LDAP server. To learn more about Common Criteria, see the HP 3PAR InForm OS Common Criteria
Administrator’s Reference.
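The following added example (not part of the HP manual) checks a set of LDAP authentication parameters against the Common Criteria caution above. Only allow-ssh-key and setauthparam appear on this page; the parameter names binding, sasl-mechanism and ldap-ssl, and the "name value" listing layout, are assumptions, and the sample listing is constructed.

```python
# Added example: audit LDAP auth parameters against the Common Criteria caution.
# Parameter names other than allow-ssh-key are assumptions, not taken from this page.

# Constructed sample listing in an assumed "name value" layout, one per line.
SAMPLE = """\
Param          -----Value-----
ldap-server    192.0.2.10
binding        sasl
sasl-mechanism DIGEST-MD5
ldap-ssl       0
allow-ssh-key  1
"""

def parse_params(text):
    """Return {param: value} from 'name value' lines, skipping the header row."""
    params = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2 or parts[1].startswith("-"):
            continue  # blank line, lone token, or the dashed header
        params[parts[0].lower()] = parts[1].strip()
    return params

def audit_common_criteria(params):
    """Return a list of findings; an empty list means the caution is met."""
    findings = []
    binding = params.get("binding", "").lower()
    if binding == "simple":
        # Simple binding is acceptable only when carried over SSL.
        if params.get("ldap-ssl") != "1":
            findings.append("simple binding is not protected by SSL")
    elif binding == "sasl":
        # With SASL, GSSAPI is the only permitted mechanism.
        mech = params.get("sasl-mechanism", "")
        if mech.upper() != "GSSAPI":
            findings.append("SASL binding uses %s, not GSSAPI" % (mech or "no mechanism"))
    else:
        findings.append("binding is unset or unrecognized")
    # The caution requires allow-ssh-key to be set to 0 explicitly.
    if params.get("allow-ssh-key") != "0":
        findings.append("allow-ssh-key is not set to 0")
    return findings

if __name__ == "__main__":
    for finding in audit_common_criteria(parse_params(SAMPLE)):
        print("FAIL:", finding)
```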
26 Managing User Accounts and Connections