Veritas Storage Foundation 5.1 SP1 Cluster File System Installation Guide (5900-1510, April 2011)
authentication broker. AT supports all common LDAP distributions such as Sun
Directory Server, Netscape, OpenLDAP, and Windows Active Directory.
For a cluster that runs in secure mode, you must enable the LDAP authentication
plug-in if the VCS users belong to an LDAP domain.
See “Enabling LDAP authentication for clusters that run in secure mode”
on page 252.
If you have not already added VCS users during installation, you can add the users
later.
See the Veritas Cluster Server Administrator's Guide for instructions to add VCS
users.
Figure 17-1 depicts the SFCFS cluster communication with the LDAP servers when
clusters run in secure mode.
Figure 17-1 Client communication with LDAP servers
[Figure: a VCS client, a VCS node (authentication broker), and an LDAP server (such as OpenLDAP or Windows Active Directory), connected by the following numbered steps.]
1. When a user runs HA commands, AT initiates user authentication with the authentication broker.
2. Authentication broker on VCS node performs an LDAP bind operation with the LDAP directory.
3. Upon a successful LDAP bind, AT retrieves group information from the LDAP directory.
4. AT issues the credentials to the user to proceed with the command.
See the Symantec Product Authentication Service Administrator’s Guide.
The LDAP schema and syntax for LDAP commands (such as ldapadd, ldapmodify,
and ldapsearch) vary based on your LDAP implementation.
Before adding the LDAP domain in Symantec Product Authentication Service,
note the following information about your LDAP environment: