HP 3PAR StoreServ 7400 2-node HP 3PAR Command Line Interface Administrator& - Page 37
groups, the, Although 3PARuser is also a member of
View all HP 3PAR StoreServ 7400 2-node manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 37 highlights
3. Issue the checkpassword command to verify that the users have the roles you assigned for the desired groups. Use a member of a specific group to verify the role. Example: system1 cli% setauthparam -f super-map software system1 cli% setauthparam -f edit-map engineering system1 cli% setauthparam -f browse-map hardware In the example above: • Users belonging to the software group are configured to have Super rights within the system. • Users belonging to the engineering group are configured to have Edit rights within the system. • Users belonging to the hardware group are configured to have Browse rights within the system. system1 cli% checkpassword 3paruser password: + attempting authentication and authorization using system-local data + authentication denied: unknown username + attempting authentication and authorization using LDAP + connecting to LDAP server using URI: ldaps://192.168.10.13 + simple bind to LDAP user 3paruser for DN uid=3paruser,ou=people,dc=ldaptest,dc=3par,dc=com + searching LDAP using: search base: ou=people,dc=ldaptest,dc=3par,dc=com filter: (&(objectClass=posixAccount)(uid=3paruser)) for attributes: gidNumber + search result DN: uid=3paruser,ou=people,dc=ldaptest,dc=3par,dc=com + search result: gidNumber: 2345 + searching LDAP using: search base: ou=groups,dc=ldaptest,dc=3par,dc=com filter: (&(objectClass=posixGroup)(|(gidNumber=2345)(memberUid=3paruser))) for attributes: cn + search result DN: cn=software,ou=groups,dc=ldaptest,dc=3par,dc=com + search result: cn: software + search result DN: cn=engineering,ou=groups,dc=ldaptest,dc=3par,dc=com + search result: cn: engineering + search result DN: cn=hardware,ou=groups,dc=ldaptest,dc=3par,dc=com + search result: cn: hardware + mapping rule: super mapped to by software + rule match: super mapped to by software + mapping rule: edit mapped to by engineering + rule match: edit mapped to by engineering + mapping rule: browse mapped to by hardware + rule match: browse mapped to by hardware user 3paruser is authenticated and authorized In the example above: • User 3PARuser is found to be a member of the software group and is assigned Super rights within the system. • Although 3PARuser is also a member of the engineering and hardware groups, the Super rights associated with the Software group supersede the Edit and Browse rights associated with the engineering and software groups. • The mapping rules set for 3PARuser are applied to all members of the software, engineering, and hardware groups; all software group members have Super Configuring LDAP Connections 37