HP 3PAR InForm OS 3.1.1 CLI Administrator's Manual

ManualsBrandsHP ManualsSoftwareHP 3PAR Operating System Software

1. Follow the directions as described in the following sections:

a. “Configuring Connection Parameters” (page 27)

b. “Configuring Binding Parameters” (page 29)

c. “Configuring Account Location Parameters” (page 29)

d. “Configuring Group-to-Role Mapping Parameters” (page 31); however, do not issue the

checkpassword command.

2. Configure the group-to-domain mapping parameters, as follows:

• Issue the setauthparam domain-name-attr <attribute> command, where

<attribute> is the name of an attribute that holds the potential domain name. A

common parameter to specify as the <attribute> is name.

• (Optional.) Issue the setauthparam domain-name-prefix <prefix> command,

where <prefix> is the start point of the domain name search within the information returned

from the domain-name-attr <attribute> parameter described above. An example

parameter to specify as the <prefix> is SystemDomain=.

3. Issue the checkpassword command to verify that the users have the role(s) you assigned for

the desired group(s) and the group-to-domain mapping is correct. Use a member of a specific

group to verify the role.

Example using only the domain-name-attr parameter:

system cli% setauthparam domain-name-attr name

The example above corresponds to the first bullet in Step 2. As shown, name is the attribute used

as the basis of the domain name search.

system1 cli% checkpassword 3PARuser

...

+ search result: memberOf: CN=Software,CN=Users,DC=3par,DC=com

+ search result: memberOf: CN=Eng,CN=Users,DC=3par,DC=com

+ search result: memberOf: CN=Golfers,CN=Users,DC=3par,DC=com

+ mapping rule: edit mapped to by CN=Software,CN=Users,DC=3par,DC=com

+ rule match: edit mapped to by CN=Software,CN=Users,DC=3par,DC=com

+ mapping rule: browse mapped to by CN=Eng,CN=Users,DC=3par,DC=com

+ rule match: browse mapped to by CN=Eng,CN=Users,DC=3par,DC=com

+ searching LDAP using:

search base: CN=Software Group,CN=Users,DC=3par,DC=com

filter: (objectClass=group)

for attributes: name

+ search result DN: CN=Software Group,CN=Users,DC=3par,DC=com

+ search result: name: Software Group

+ group "CN=Software Group,CN=Users,DC=3par,DC=com" has potential domain Software_Group

(transformed from "Software Group")

+ searching LDAP using:

search base: CN=Eng,CN=Users,DC=hq,DC=3par,DC=com

filter: (objectClass=group)

for attributes: name

+ search result DN: CN=Eng,CN=Users,DC=hq,DC=3par,DC=com

+ search result: name: Engineering

+ group "CN=Eng,CN=Users,DC=hq,DC=3par,DC=com" has potential domain Engineering

+ domain match: Engineering mapped to browse

+ domain match: Software_Group mapped to edit

user 3PARuser is authenticated and authorized

44 Managing User Accounts and Connections