HP 3PAR StoreServ Concepts Guide: HP 3PAR OS 3.1.3

3 Lightweight Directory Access Protocol
Overview
LDAP is a standard protocol for communication between LDAP clients and LDAP directory
servers. The server stores data as a directory hierarchy, and clients add, modify, search, or
remove that data. The data can be organized using standard schemas understood by clients
and servers from different vendors, or using an application-specific schema that is used only by
a particular vendor or application.
The HP 3PAR OS contains an LDAP client that can be configured to use an LDAP server for
authentication and authorization of system users. In an environment where multiple systems are
configured to use the same LDAP server in the same way, a single user with access to one system
can access all of the systems in the environment.
Accessing objects on systems configured to use HP 3PAR Virtual Domains Software requires access
to the domain in which those objects reside. The configuration of domains may differ from one
system installation to the next. This results in differing levels of access to objects based on mapping
between the LDAP configuration and domain configuration of the individual system.
The HP 3PAR LDAP client is designed to work with various LDAP servers and schemas for data
organization. The Active Directory LDAP directory implementation is currently supported for use
by the HP 3PAR LDAP client and the Red Hat Enterprise Server 5.5 client.
You can configure the HP 3PAR OS to use LDAP only by using the HP 3PAR CLI. See the HP 3PAR
OS CLI Administrator’s Manual for instructions on performing these tasks.
NOTE: All LDAP-related tasks are performed with the HP 3PAR CLI.
Active Directory
Active Directory is an implementation of LDAP directory services by Microsoft for use in Windows
environments. An Active Directory server is both an LDAP and Kerberos server. The Active Directory
server and Kerberos server are used for both authorization and authentication of users when Active
Directory is set up for SASL binding (see “SASL Binding” (page 23)).
OpenLDAP
OpenLDAP is an open source implementation of LDAP directory services developed by the OpenLDAP
Project. OpenLDAP includes a server, client library, and tools that are available for a wide variety
of operating systems. Different schemas can be used for user and group information with OpenLDAP.
For example, the Posix schema is typically used for user and group information in Linux/Unix
systems.
LDAP Users
Users created with the HP 3PAR CLI who access the system using HP 3PAR CLI clients, or with SSH,
are authenticated and authorized directly on the system. These users are referred to as local users.
An LDAP user is similar to a local user; however, an LDAP user is authenticated and authorized
using information from an LDAP server.
During authentication, if a user name is not recognized as a local user, that user’s name and
password are checked on the LDAP server. The local user’s authentication data takes precedence
over the user’s LDAP authentication data. User names not associated with local user names are
authenticated using LDAP data.
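The local-first precedence described above, modelled as an added Python example (not HP 3PAR OS code): the local user table, the LDAP directory, the user names and the role names are constructed stand-ins, and the in-memory LDAP lookup replaces a real bind to the directory server.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed stand-in for the local user table that the HP 3PAR CLI manages.
# Passwords are kept as salted PBKDF2 hashes; "role" is the assigned user role.
def _hash_pw(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

_SALT = os.urandom(16)
LOCAL_USERS = {
    "storadmin": {"salt": _SALT, "hash": _hash_pw("local-secret", _SALT), "role": "admin"},
}

# Constructed stand-in for an LDAP directory (e.g. Active Directory). A real client
# would bind to the server with the supplied credentials and map group membership to a role.
LDAP_DIRECTORY = {
    "storadmin": {"password": "ldap-secret", "role": "viewer"},  # same name as a local user
    "alice":     {"password": "alice-pass",  "role": "operator"},
}

def ldap_authenticate(username: str, password: str) -> Optional[str]:
    """Return the LDAP-derived role on success, else None (constant-time compare)."""
    entry = LDAP_DIRECTORY.get(username)
    if entry is None or not hmac.compare_digest(entry["password"].encode(), password.encode()):
        return None
    return entry["role"]

def authenticate(username: str, password: str) -> Optional[Tuple[str, str]]:
    """Return (source, role) on success, or None.
    A name known as a local user is decided by local data only; the LDAP server
    is consulted only for names that are not local users."""
    local = LOCAL_USERS.get(username)
    if local is not None:
        candidate = _hash_pw(password, local["salt"])
        if hmac.compare_digest(candidate, local["hash"]):
            return ("local", local["role"])
        return None  # no fallback to LDAP for a local user name
    role = ldap_authenticate(username, password)
    return ("ldap", role) if role is not None else None

if __name__ == "__main__":
    print(authenticate("storadmin", "local-secret"))  # ('local', 'admin')
    print(authenticate("storadmin", "ldap-secret"))   # None: LDAP entry cannot override local
    print(authenticate("alice", "alice-pass"))        # ('ldap', 'operator')
```

The second call shows the consequence of the precedence rule: an LDAP account that shares a name with a local user never reaches the LDAP server, so its LDAP password and role have no effect on that system.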
Additionally, for local users, the password supplied by the user during authentication must match
the password assigned when that user was initially created or modified. The rights assigned to the
user during authorization are the same rights associated with the user role that was assigned when
that user was initially created or modified. For additional information about user roles and rights,