HP 3PAR StoreServ 7400 2-node HP 3PAR Command Line Interface Administrator& - Page 39
Optional. Issue the, Software_Group
View all HP 3PAR StoreServ 7400 2-node manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 39 highlights
2. Configure the group-to-domain mapping parameters, as follows: • Issue the setauthparam domain-name-attr command, where is the name of an attribute that holds the potential domain name. A common parameter to specify as the is name. • (Optional.) Issue the setauthparam domain-name-prefix command, where is the start point of the domain name search within the information returned from the domain-name-attr parameter described above. An example parameter to specify as the is SystemDomain=. 3. Issue the checkpassword command to verify that the users have the roles you assigned for the desired groups and the group-to-domain mapping is correct. Use a member of a specific group to verify the role. Example using only the domain-name-attr parameter: system cli% setauthparam domain-name-attr name The example above corresponds to the first bullet in Step 2. As shown, name is the attribute used as the basis of the domain name search. system1 cli% checkpassword 3PARuser ... + search result: memberOf: CN=Software,CN=Users,DC=3par,DC=com + search result: memberOf: CN=Eng,CN=Users,DC=3par,DC=com + search result: memberOf: CN=Golfers,CN=Users,DC=3par,DC=com + mapping rule: edit mapped to by CN=Software,CN=Users,DC=3par,DC=com + rule match: edit mapped to by CN=Software,CN=Users,DC=3par,DC=com + mapping rule: browse mapped to by CN=Eng,CN=Users,DC=3par,DC=com + rule match: browse mapped to by CN=Eng,CN=Users,DC=3par,DC=com + searching LDAP using: search base: CN=Software Group,CN=Users,DC=3par,DC=com filter: (objectClass=group) for attributes: name + search result DN: CN=Software Group,CN=Users,DC=3par,DC=com + search result: name: Software Group + group "CN=Software Group,CN=Users,DC=3par,DC=com" has potential domain Software_Group (transformed from "Software Group") + searching LDAP using: search base: CN=Eng,CN=Users,DC=hq,DC=3par,DC=com filter: (objectClass=group) for attributes: name + search result DN: CN=Eng,CN=Users,DC=hq,DC=3par,DC=com + search result: name: Engineering + group "CN=Eng,CN=Users,DC=hq,DC=3par,DC=com" has potential domain Engineering + domain match: Engineering mapped to browse + domain match: Software_Group mapped to edit user 3PARuser is authenticated and authorized The example above corresponds to Step 3 and displays the following: • 3PARuser is found to be a member of the Software group with Edit rights. The Software group is mapped to the Software_Group domain. 3PARuser is assigned Edit rights within the Software domain. • 3PARuser is also found to be a member of the Eng group with Browse rights. The Eng group is mapped to the Engineering domain. 3PARuser is assigned Browse rights within the Eng domain. Configuring LDAP Connections on Systems Using Domains 39