HP 3PAR StoreServ 7400 2-node HP 3PAR StoreServ Storage Concepts Guide (OS 3.1 - Page 20

3 Lightweight Directory Access Protocol

Overview

The Lightweight Directory Access Protocol (LDAP) is a standard protocol for communication between

LDAP clients and LDAP directory servers. Data is stored as a directory hierarchy by the server and

clients add, modify, search, or remove the data. The data can be organized using standard schemas

understood by clients and servers from different vendors or by an application-specific schema used

only by a particular vendor or application.

The HP 3PAR OS contains an LDAP client that can be configured to use an LDAP server for

authentication and authorization of system users. In an environment where there are multiple systems

configured to use the same LDAP server in the same way, a single user with access to one system

server can access all of the environment’s systems with the same role.

Accessing objects on systems configured to use HP 3PAR Virtual Domains Software requires access

to the domain in which those objects reside. The configuration of domains may differ from one

system installation to the next. This results in differing levels of access over objects based on mapping

between the LDAP configuration and the individual system’s domain configuration.

The HP 3PAR LDAP client is designed to work with various LDAP servers and schemas for data

organization. However, only use with the Active Directory LDAP directory implementation is currently

supported.

Configuring the HP 3PAR OS to use LDAP can only be performed with the HP 3PAR Command

Line Interface (CLI). Refer to the

HP 3PAR OS CLI Administrator’s Manual

for instructions on how

to perform these tasks.

NOTE:

•

At the current time, the OpenLDAP directory implementation is also available, however, on a

limited basis. Check with your local HP service representative for updates on availability.

•

All LDAP related tasks are performed with the HP 3PAR Command Line Interface (CLI).

Active Directory

Active Directory is an implementation of LDAP directory services by Microsoft for use in Windows

environments. An Active Directory server is both an LDAP and Kerberos server. When set up for

SASL binding (see

“SASL Binding” (page 22)

), the Active Directory server and Kerberos server are

used for both authorization and authentication of users.

OpenLDAP

OpenLDAP is an open source implementation of LDAP directory services developed by the OpenLDAP

Project. OpenLDAP includes a server, client library, and tools that are available for a wide variety

of operating systems. Different schemas can be used for user and group information with OpenLDAP.

For example, the Posix schema is typically used for user and group information in Linux/Unix

systems.

LDAP Users

Users created with the HP 3PAR CLI who access the system using HP 3PAR CLI clients, or with SSH,

are authenticated and authorized directly on the system. These users are referred to as local users.

An LDAP user is similar to a local user; however, an LDAP user is authenticated and authorized

using information from an LDAP server.

During authentication, if a user name is not recognized as a local user, that user’s name and

password are checked on the LDAP server. The local user’s authentication data takes precedence

20

Lightweight Directory Access Protocol

Section	Page
HP 3PAR StoreServ Storage Concepts Guide	1
Contents	3
1 Overview	7
HP 3PAR Storage Concepts and Terminology	7
Physical Disks	8
Chunklets	8
Logical Disks	8
Common Provisioning Groups	8
Virtual Volumes	8
Fully-provisioned Virtual Volumes	8
Thinly-provisioned Virtual Volumes	8
Physical Copies	9
Virtual Copy Snapshots	9
Exporting Virtual Volumes	9
HP 3PAR Software	9
HP 3PAR Software Products and Features	10
HP 3PAR Software Licensing Requirements	13
2 HP 3PAR Storage System Users	18
User Accounts	18
Local User Authentication and Authorization	19
LDAP User Authentication and Authorization	19
Domain User Access	19
3 Lightweight Directory Access Protocol	20
Overview	20
Active Directory	20
OpenLDAP	20
LDAP Users	20
LDAP Server Data Organization	21
LDAP and Domains	21
LDAP Authentication and Authorization	22
Authentication	22
Simple Binding	22
SASL Binding	22
Authorization	22
Authorization on Systems Using Virtual Domains	23
4 HP 3PAR Virtual Domains	24
Overview	24
Domain Types	24
Domain Type	25
Users and Domain Rights	25
Object and Domain Association Rules	25
The Default and Current Domains	25
5 Ports and Hosts	27
Overview	27
About Ports	27
Port Location Formats	28
Port Target, Initiator, and Peer Modes	29
Active and Inactive Hosts	29
Adding and Removing Hosts	29
Managing Host Personas	30
Legacy Host Personas	31
The Host Explorer Software Agent	31
6 Chunklets	32
Overview	32
Physical Disk Chunklets	32
Spare Chunklets	32
7 Logical Disks	34
Overview	34
Logical Disks and Common Provisioning Groups	34
Logical Disk Types	34
RAID Types	35
RAID 0	35
RAID 1 and 10	35
RAID 5 and 50	36
RAID Multi-Parity	37
Logical Disk Size and RAID Types	38
8 Common Provisioning Groups	39
Overview	39
Precautions and Planning	39
Growth Increments, Warnings, and Limits	39
Growth Increment	40
Growth Warning	40
Growth Limit	40
System Guidelines for Creating CPGs	41
Volume Types Associated with CPGs	41
9 Virtual Volumes	42
Overview	42
Virtual Volume Types	42
Administrative Volumes	43
Fully-provisioned Virtual Volumes	43
Thinly Provisioned Virtual Volumes	43
TPVV Warnings and Limits	44
Virtual Volume Online Conversion	45
Physical Copies	45
Virtual Copy Snapshots	46
Virtual Copy Snapshot Relationships	46
Copy-on-Write Function	47
Copy-of and Parent Relationships	48
Exporting Virtual Volumes	48
VLUN Templates and Active VLUNs	49
VLUN Template Types	49
Host Sees	49
Host Set	49
Port Presents	49
Matched Set	50
10 Reclaiming Unused Space	51
Overview	51
Reclaiming Unmapped Logical Disk Space from CPGs	51
Reclaiming Unmapped Logical Disk Space from Volumes	52
Automatically Reclaiming Unused Snapshot Space from Volumes	52
Manually Reclaiming Unused Snapshot Space from Volumes	52
Deleted Volume Snapshot Space	52
Logical Disks and Chunklet Initialization	52
11 Enhanced Storage Applications	53
Overview	53
HP 3PAR mySnapshot Software	53
HP 3PAR Dynamic Optimization Software	53
HP 3PAR System Tuner Software	54
HP 3PAR Thin Conversion Software	55
Assessment	55
Data Preparation	55
Zeroing Unused Space	56
Creating a Physical Copy	56
HP 3PAR Thin Persistence Software	56
HP 3PAR Thin Copy Reclamation Software	56
HP 3PAR Virtual Lock Software	57
HP 3PAR Adaptive Optimization Software	57
HP 3PAR Peer Motion Software	58
Data Encryption	58
Priority Optimization	59
Automatic and Transparent Failover	59
12 HP 3PAR Storage System Hardware	61
Overview	61
Identifying System Components	61
Physical Disks	63
Drive Cage/Enclosure Models	64
HP M6710 Drive Enclosure	64
HP M6720 Drive Enclosure	64
DC4 Drive Cages and Ports and Cabling	64
DC3 Drive Cage and Ports and Cabling	65
Controller Nodes	66
Port Numbering	67
HP 3PAR StoreServ 7000 Controller Node Numbering	67
HP 3PAR StoreServ 10000 Controller Node Numbering	68
T-Class Controller Node Numbering	69
F-Class Controller Node Numbering	70
13 HP 3PAR SNMP Infrastructure	72
Overview	72
About SNMP	72
SNMP Managers	72
The HP 3PAR SNMP Agent	72
Standard Compliance	73
Supported MIBs	73
MIB-II	73
Exposed Objects	74
System Description	74
System Object ID	74
System Up Time	74
System Contact Information	74
System Name	75
System Location	75
The HP 3PAR MIB	75
alertNotify Traps	76
14 The HP 3PAR CIM API	78
Overview	78
About SMI-S	78
About the WBEM Initiative	78
HP 3PAR CIM Support	79
Standard Compliance	79
SMI-S Profiles	79
Supported Extensions	79
CIM Indications	79
15 Comparing HP 3PAR to EVA Terms	80
16 Support and Other Resources	81
Contacting HP	81
HP 3PAR documentation	81
Typographic conventions	84
HP 3PAR branding information	84
17 Documentation feedback	85
Glossary	86

HP 3PAR StoreServ 7400 2-node HP 3PAR StoreServ Storage Concepts Guide (OS 3.1 - Page 20

Lightweight Directory Access Protocol, Overview, Active Directory, OpenLDAP, LDAP Users

Page 20 highlights