HP 3PAR StoreServ 7400 4-node HP 3PAR StoreServ Storage Concepts Guide (OS 3.1 - Page 20
3 Lightweight Directory Access Protocol

Overview

The Lightweight Directory Access Protocol (LDAP) is a standard protocol for communication between LDAP clients and LDAP directory servers. Data is stored as a directory hierarchy by the server and clients add, modify, search, or remove the data. The data can be organized using standard schemas understood by clients and servers from different vendors or by an application-specific schema used only by a particular vendor or application.

The HP 3PAR OS contains an LDAP client that can be configured to use an LDAP server for authentication and authorization of system users. In an environment where there are multiple systems configured to use the same LDAP server in the same way, a single user with access to one system server can access all of the environment's systems with the same role.

Accessing objects on systems configured to use HP 3PAR Virtual Domains Software requires access to the domain in which those objects reside. The configuration of domains may differ from one system installation to the next. This results in differing levels of access over objects based on mapping between the LDAP configuration and the individual system's domain configuration.

The HP 3PAR LDAP client is designed to work with various LDAP servers and schemas for data organization. However, only use with the Active Directory LDAP directory implementation is currently supported.

Configuring the HP 3PAR OS to use LDAP can only be performed with the HP 3PAR Command Line Interface (CLI). Refer to the HP 3PAR OS CLI Administrator's Manual for instructions on how to perform these tasks.

NOTE:
• At the current time, the OpenLDAP directory implementation is also available, however, on a limited basis. Check with your local HP service representative for updates on availability.
• All LDAP related tasks are performed with the HP 3PAR Command Line Interface (CLI).

Active Directory

Active Directory is an implementation of LDAP directory services by Microsoft for use in Windows environments. An Active Directory server is both an LDAP and Kerberos server. When set up for SASL binding (see "SASL Binding" (page 22)), the Active Directory server and Kerberos server are used for both authorization and authentication of users.

OpenLDAP

OpenLDAP is an open source implementation of LDAP directory services developed by the OpenLDAP Project. OpenLDAP includes a server, client library, and tools that are available for a wide variety of operating systems. Different schemas can be used for user and group information with OpenLDAP. For example, the Posix schema is typically used for user and group information in Linux/Unix systems.

LDAP Users

Users created with the HP 3PAR CLI who access the system using HP 3PAR CLI clients, or with SSH, are authenticated and authorized directly on the system. These users are referred to as local users. An LDAP user is similar to a local user; however, an LDAP user is authenticated and authorized using information from an LDAP server.

During authentication, if a user name is not recognized as a local user, that user's name and password are checked on the LDAP server. The local user's authentication data takes precedence