HP 3PAR StoreServ 7400 2-node HP 3PAR Command Line Interface Administrator& - Page 31
The example above corresponds to Step 1, and displays the following:

• joadmin is the user name of the NT Windows domain (NTDOM1) administrator searching for group information for user 3PARuser (cn=3PARuser).
• dn: CN=3PAR User,OU=Engineering,OU=Users,DC=3par,DC=com displays user locations in the LDAP server directory information tree.

system1 cli% setauthparam -f accounts-dn OU=Users,DC=3par,DC=com
system1 cli% setauthparam -f account-obj user
system1 cli% setauthparam -f account-name-attr sAMAccountName
system1 cli% setauthparam -f memberof-attr memberOf

The example above corresponds to Step 2 through Step 5. The following can be surmised based on the group information gathered from running the ldapsearch command:

• The Users group within the 3par group is set as the basis for any user search when authenticating with the LDAP server.
• The values user, sAMAccountName, and memberOf for the account-obj, account-name-attr, and memberof-attr parameters are typical of Active Directory configurations.
system1 cli% checkpassword 3PARuser
password:
+ attempting authentication and authorization using system-local data
+ authentication denied: unknown username
+ attempting authentication and authorization using LDAP
+ using Kerberos configuration file:
    [domain_realm]
        domaincontroller.3par.com = NTDOM1.3PAR.COM
    [realms]
        NTDOM1.3PAR.COM = {
            kdc = 192.168.10.13
        }
+ temporarily setting name-to-address mapping: domaincontroller.3par.com -> 192.168.10.13
+ attempting to obtain credentials for [email protected]
+ connecting to LDAP server using URI: ldap://192.168.10.13
+ binding to user 3PARuser with SASL mechanism GSSAPI
+ searching LDAP using:
    search base: OU=Users,DC=3par,DC=com
    filter: (&(objectClass=user)(sAMAccountName=3PARuser))
    for attribute: memberOf
+ search result DN: CN=3PARuser,OU=Engineering,OU=Users,DC=3par,DC=com
+ search result: memberOf: CN=Software,CN=Users,DC=3par,DC=com
+ search result: memberOf: CN=Eng,CN=Users,DC=3par,DC=com
+ search result: memberOf: CN=Golfers,CN=Users,DC=3par,DC=com
+ authorization denied: no user groups match mapping rules
user 3PARuser is not authenticated or not authorized

• The example above corresponds to Step 6, and displays that 3PARuser is a member of the following hierarchy of groups:
  ◦ Engineering
  ◦ Software

Configuring LDAP Connections 31
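
Added example (not from the HP manual): a Python helper that parses a checkpassword trace like the one above and reports which of the returned memberOf groups would satisfy a candidate group-to-role mapping, so a mapping can be reviewed for least privilege before it is applied. The trace is a constructed copy trimmed from this page; role_map and its role names are hypothetical, since the mapping rules are not shown on this page.

```python
import re

# Constructed sample: the checkpassword trace from this page, trimmed to the
# lines the parser reads.
SAMPLE_TRACE = """\
+ attempting authentication and authorization using system-local data
+ authentication denied: unknown username
+ attempting authentication and authorization using LDAP
+ connecting to LDAP server using URI: ldap://192.168.10.13
+ binding to user 3PARuser with SASL mechanism GSSAPI
+ searching LDAP using:
    search base: OU=Users,DC=3par,DC=com
    filter: (&(objectClass=user)(sAMAccountName=3PARuser))
    for attribute: memberOf
+ search result DN: CN=3PARuser,OU=Engineering,OU=Users,DC=3par,DC=com
+ search result: memberOf: CN=Software,CN=Users,DC=3par,DC=com
+ search result: memberOf: CN=Eng,CN=Users,DC=3par,DC=com
+ search result: memberOf: CN=Golfers,CN=Users,DC=3par,DC=com
+ authorization denied: no user groups match mapping rules
user 3PARuser is not authenticated or not authorized
"""

def norm_dn(dn):
    """Normalize a DN for comparison (naive: assumes no escaped commas)."""
    return ",".join(p.strip().lower() for p in dn.split(","))

def parse_trace(trace):
    """Extract the fields needed to triage a checkpassword LDAP trace."""
    def first(pattern):
        m = re.search(pattern, trace, re.M)
        return m.group(1).strip() if m else None
    return {
        "uri": first(r"using URI:\s*(\S+)"),
        "sasl": first(r"SASL mechanism\s+(\S+)"),
        "base": first(r"search base:\s*(.+)$"),
        "filter": first(r"filter:\s*(.+)$"),
        "user_dn": first(r"search result DN:\s*(.+)$"),
        "groups": re.findall(r"search result: memberOf:\s*(.+)$", trace, re.M),
        "denied": re.findall(r"^\+ (\w+) denied: (.+)$", trace, re.M),
    }

def matching_roles(groups, role_map):
    """Return {role: group_dn} for each role whose mapped group the user holds."""
    held = {norm_dn(g): g for g in groups}
    return {role: held[norm_dn(dn)] for role, dn in role_map.items()
            if norm_dn(dn) in held}
```

An empty result from matching_roles corresponds to the "no user groups match mapping rules" denial in the trace; a non-empty result shows exactly which group membership would grant which role.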