Manualshelf

HP 3PAR InForm OS 3.1.1 CLI Administrator's Manual

ManualsBrandsHP ManualsSoftwareHP 3PAR Operating System Software
31323334353637383940
+ search result: cn: engineering
+ search result DN: cn=hardware,ou=groups,dc=ldaptest,dc=3par,dc=com
+ search result: cn: hardware
+ mapping rule: super mapped to by software
+ rule match: super mapped to by software
+ mapping rule: edit mapped to by engineering
+ rule match: edit mapped to by engineering
+ mapping rule: browse mapped to by hardware
+ rule match: browse mapped to by hardware
user 3paruser is authenticated and authorized
The example above corresponds to Step 6, and shows that 3PARuser is a member of the
following hierarchy of groups:
Engineering
Software
Eng
Golfers
In this example, 3PARuser is not yet authenticated or authorized because 3PARuser’s
group-to-role mapping has not been configured.
Configuring Group-to-Role Mapping Parameters
Once you have configured the group location parameters, you must now decide what role you
wish to assign the users for a given group. To configure group-to-role mapping:
1. Issue the setauthparam <map_param> <map_value> command, where:
<map_param> is one of the following:
super-map - provides Super user rights within the specified group.
service-map - provides Service user rights within the specified group.
edit-map - provides Edit user rights within the specified group.
browse-map - provides Browse user rights within the specified group.
create-map - provides Create user rights within the specified group.
basic_edit-map - provides Basic Edit user rights within the specified group.
3PAR_AO-map- provides 3PAR AO user rights within the specified group.
3PAR_RM-map- provides 3PAR RM user rights within the specified group.
<map_value> is the group to which the user has membership. You can specify multiple
groups with multiple <map_value> arguments.
For Active Directory, the group is displayed as a string of information as shown in the
following example:
CN=Software,CN=Users,DC=ACME,DC=com
2. Repeat Step 1 above if you wish to assign users a different role for another group to which
that user has membership.
Configuring LDAP Connections 31