HP 3PAR StoreServ 7400 2-node HP 3PAR Command Line Interface Administrator& - Page 25
cn=3PAR User, Step 1
View all HP 3PAR StoreServ 7400 2-node manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 25 highlights
4. Issue the setauthparam account-name-attr sAMAccount command. 5. Issue the setauthparam memberof-attr memberOf command. NOTE: You must know the user's password in order to successfully use the checkpassword command. 6. Issue the checkpassword command to obtain information about the user's group memberships from the LDAP server. Example: % ldapsearch -LLL -x -H ldaps://192.168.10.13 -D 'NTDOM1\joeadmin' -W -b DC=3par,DC=com -s sub '(cn=3PARuser)' dn Enter LDAP Password: dn: CN=3PAR User,OU=Engineering,OU=Users,DC=3par,DC=com The example above corresponds to Step 1, and displays the following: • joadmin is the user name of the NT Windows domain (NTDOM1) administrator searching for group information for user 3PARuser (cn=3PAR User). • dn: CN=3PAR User,OU=Engineering,OU=Users,DC=3par,DC=com displays user locations in the LDAP server directory information tree. system1 cli% setauthparam -f accounts-dn OU=Users,DC=3par,DC=com system1 cli% setauthparam -f account-obj user system1 cli% setauthparam -f account-name-attr sAMAccountName system1 cli% setauthparam -f memberof-attr memberOf The example above corresponds to Step 2 through Step 5. • The Users group within the 3par group is set as the basis for any user search when authenticating with the LDAP server. • The values user, SAMAccountName, and memberOf for the account-obj, account-name-attr, and memberof-attr parameters are typical of Active Directory configurations. system1 cli% checkpassword 3paruser password: + attempting authentication and authorization using system-local data + authentication denied: unknown username + attempting authentication and authorization using LDAP + connecting to LDAP server using URI: ldaps://192.168.10.13 + simple bind to LDAP user 3paruser for DN uid=3paruser,ou=people,dc=ldaptest,dc=3par,dc=com + searching LDAP using: search base: ou=people,dc=ldaptest,dc=3par,dc=com filter: (&(objectClass=posixAccount)(uid=3paruser)) for attributes: gidNumber + search result DN: uid=3paruser,ou=people,dc=ldaptest,dc=3par,dc=com + search result: gidNumber: 2345 + searching LDAP using: search base: ou=groups,dc=ldaptest,dc=3par,dc=com filter: (&(objectClass=posixGroup)(|(gidNumber=2345)(memberUid=3paruser))) for attributes: cn + search result DN: cn=software,ou=groups,dc=ldaptest,dc=3par,dc=com + search result: cn: software + search result DN: cn=engineering,ou=groups,dc=ldaptest,dc=3par,dc=com + search result: cn: engineering Configuring LDAP Connections 25