HP 3PAR StoreServ 7400 2-node HP 3PAR Command Line Interface Administrator& - Page 24
Configuring Binding Parameters, Step 1, Configuring, Account Location Parameters
View all HP 3PAR StoreServ 7400 2-node manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 24 highlights
4. Set the Kerberos realm by issuing the setauthparam kerberos-realm command, where is the value displayed by either using the ldapsearch command or ldp.exe in Step 1. NOTE: The value displayed for the default naming context is used later in "Configuring Account Location Parameters" (page 24). Example: % ldapsearch -LLL -x -H ldap://192.168.10.13 -b "" -s base dnsHostName ldapServiceName defaultNamingContext dn: dnsHostName: domaincontroller.3par.com ldapServiceName: 3par.com:[email protected] defaultNamingContext: DC=3par,DC=com The example above corresponds to Step 1 and displays the following: • The LDAP server's IP address is 192.168.10.13. • The DNS_HostName is domaincontroller.3par.com. • The LDAP_ServiceName is NTDOM1.3PAR.COM. • The defaultNamingContext is DC=3par,DC=com. system1 cli% setauthparam -f ldap-server 192.168.10.13 system1 cli% setauthparam -f ldap-server-hn domaincontroller.3par.com system1 cli% setauthparam -f kerberos-realm NTDOM1.3PAR.COM The example above corresponds to Step 2 through Step 4. Configuring Binding Parameters After you have configured the connection parameters to your LDAP server, you must configure the binding (authentication) parameters for users. 1. Issue the setauthparam binding sasl command. 2. Issue the setauthparam sasl-mechanism command, where is specified as PLAIN, DIGEST-MD5, or GSSAPI. For information on binding types, see "Lightweight Directory Access Protocol" in the HP 3PAR StoreServ Storage Concepts Guide. Example: system1 cli% setauthparam -f binding sasl system1 cli% setauthparam -f sasl-mechanism GSSAPI In the example above, GSSAPI SASL binding is used for authentication. Configuring Account Location Parameters To configure the account location parameters: 1. If you are unsure of the user's account information, select a known user's full name (to be entered as the cn value) and run the ldapsearch command using the defaultNamingContext value previously displayed in "Configuring Connection Parameters" (page 23). Make a note of the group information displayed in the command's output. 2. Issue the setauthparam accounts-dn command. 3. Issue the setauthparam account-obj user command. 24 Managing User Accounts and Connections