HP 3PAR StoreServ 7200 2-node Administrator's Manual page 39
Hp 3par command line interface administrator's manual: hp 3par os 3.1.2 (qr482-96525, september 2013)
Hide thumbs
Also See for 3PAR StoreServ 7200 2-node:
- Manual (107 pages) ,
- Service manual (66 pages) ,
- Installation and setup manual (35 pages)
Table of Contents
Advertisement
2.
Configure the group-to-domain mapping parameters, as follows:
Issue the setauthparam domain-name-attr <attribute> command, where
<attribute> is the name of an attribute that holds the potential domain name. A
common parameter to specify as the <attribute> is name.
(Optional.) Issue the setauthparam domain-name-prefix <prefix> command,
where <prefix> is the start point of the domain name search within the information returned
from the domain-name-attr <attribute> parameter described above. An example
parameter to specify as the <prefix> is SystemDomain=.
3.
Issue the checkpassword command to verify that the users have the roles you assigned for
the desired groups and the group-to-domain mapping is correct. Use a member of a specific
group to verify the role.
Example using only the domain-name-attr parameter:
system cli% setauthparam domain-name-attr name
The example above corresponds to the first bullet in
as the basis of the domain name search.
system1 cli% checkpassword 3PARuser
...
+ search result:
+ search result:
+ search result:
+ mapping rule: edit mapped to by CN=Software,CN=Users,DC=3par,DC=com
+ rule match: edit mapped to by CN=Software,CN=Users,DC=3par,DC=com
+ mapping rule: browse mapped to by CN=Eng,CN=Users,DC=3par,DC=com
+ rule match: browse mapped to by CN=Eng,CN=Users,DC=3par,DC=com
+ searching LDAP using:
search base:
filter:
for attributes: name
+ search result DN: CN=Software Group,CN=Users,DC=3par,DC=com
+ search result:
+ group "CN=Software Group,CN=Users,DC=3par,DC=com" has potential domain Software_Group
(transformed from "Software Group")
+ searching LDAP using:
search base:
filter:
for attributes: name
+ search result DN: CN=Eng,CN=Users,DC=hq,DC=3par,DC=com
+ search result:
+ group "CN=Eng,CN=Users,DC=hq,DC=3par,DC=com" has potential domain Engineering
+ domain match: Engineering mapped to browse
+ domain match: Software_Group mapped to edit
user 3PARuser is authenticated and authorized
The example above corresponds to
3PARuser is found to be a member of the Software group with Edit rights. The Software
group is mapped to the Software_Group domain. 3PARuser is assigned Edit rights within
the Software domain.
3PARuser is also found to be a member of the Eng group with Browse rights. The Eng group
is mapped to the Engineering domain. 3PARuser is assigned Browse rights within the Eng
domain.
memberOf: CN=Software,CN=Users,DC=3par,DC=com
memberOf: CN=Eng,CN=Users,DC=3par,DC=com
memberOf: CN=Golfers,CN=Users,DC=3par,DC=com
CN=Software Group,CN=Users,DC=3par,DC=com
(objectClass=group)
name: Software Group
CN=Eng,CN=Users,DC=hq,DC=3par,DC=com
(objectClass=group)
name: Engineering
Step 3
and displays the following:
Configuring LDAP Connections on Systems Using Domains
Step
2. As shown, name is the attribute used
39
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
