Lightweight Directory Access Protocol; Overview; Active Directory; Openldap - HP 3PAR StoreServ 7200 2-node Manual

HP 3PAR StoreServ Storage Concepts Guide (OS 3.1.2 MU2) (QR482-96384, June 2013)

3 Lightweight Directory Access Protocol

Overview

The Lightweight Directory Access Protocol (LDAP) is a standard protocol for communication between
LDAP clients and LDAP directory servers. Data is stored as a directory hierarchy by the server and
clients add, modify, search, or remove the data. The data can be organized using standard schemas
understood by clients and servers from different vendors or by an application-specific schema used
only by a particular vendor or application.
The HP 3PAR OS contains an LDAP client that can be configured to use an LDAP server for
authentication and authorization of system users. In an environment where there are multiple systems
configured to use the same LDAP server in the same way, a single user with access to one system
server can access all of the environment's systems with the same role.
Accessing objects on systems configured to use HP 3PAR Virtual Domains Software requires access
to the domain in which those objects reside. The configuration of domains may differ from one
system installation to the next. This results in differing levels of access over objects based on mapping
between the LDAP configuration and the individual system's domain configuration.
The HP 3PAR LDAP client is designed to work with various LDAP servers and schemas for data
organization. However, only use with the Active Directory LDAP directory implementation is currently
supported.
Configuring the HP 3PAR OS to use LDAP can only be performed with the HP 3PAR Command
Line Interface (CLI). Refer to the HP 3PAR OS CLI Administrator's Manual for instructions on how
to perform these tasks.
NOTE: At the current time, the OpenLDAP directory implementation is also available, but only on a
limited basis. Check with your local HP service representative for updates on availability.
All LDAP related tasks are performed with the HP 3PAR Command Line Interface (CLI).

Active Directory

Active Directory is an implementation of LDAP directory services by Microsoft for use in Windows
environments. An Active Directory server is both an LDAP and Kerberos server. When set up for
SASL binding (see "SASL Binding" (page 22)), the Active Directory server and Kerberos server are
used for both authorization and authentication of users.

OpenLDAP

OpenLDAP is an open source implementation of LDAP directory services developed by the OpenLDAP
Project. OpenLDAP includes a server, client library, and tools that are available for a wide variety
of operating systems. Different schemas can be used for user and group information with OpenLDAP.
For example, the Posix schema is typically used for user and group information in Linux/Unix
systems.

LDAP Users

Users created with the HP 3PAR CLI who access the system using HP 3PAR CLI clients, or with SSH,
are authenticated and authorized directly on the system. These users are referred to as local users.
An LDAP user is similar to a local user; however, an LDAP user is authenticated and authorized
using information from an LDAP server.
During authentication, if a user name is not recognized as a local user, that user's name and
password are checked on the LDAP server. The local user's authentication data takes precedence
