LDAP; LDAP Administrative Tasks - IBM RELEASE 7.3 Management Manual

High performance storage system release 7.3

2.1.2.3. LDAP

LDAP authorization is not supported by IBM Service Agreements. The following information
is provided for sites planning to use LDAP authorization with HPSS 7.1 as a site supported
feature.

An option for the authorization mechanism is to store HPSS security information in an LDAP directory.
LDAP (Lightweight Directory Access Protocol) is a standard for providing directory services over a
TCP/IP network. A server supporting the LDAP protocol provides a hierarchical view of a centralized
repository of data and provides clients with sophisticated search options. The LDAP software supported
by the HPSS LDAP authorization mechanism is IBM Tivoli Directory Server (Kerberos plug-in available
for AIX only) and OpenLDAP (Kerberos plug-in available for AIX and Linux). One advantage of using
the LDAP mechanism over the UNIX mechanism is that LDAP provides a central repository of
information that is used by all HPSS nodes, so the information does not have to be kept in sync manually.

The rest of this section describes how to accomplish various administrative tasks when the LDAP
authorization mechanism is used.

2.1.2.3.1. LDAP Administrative Tasks

Working with Principals

Creating a principal

A principal is an entity with credentials, like a user or a server. The most straightforward way to
create a new principal is to use the -add and -ldap options of the hpssuser utility. The utility will
prompt for any needed information and will drive the hpss_ldap_admin utility to create a new
principal entry in the LDAP server. To create a new principal directly with the
hpss_ldap_admin utility, use the following command at the prompt:

    princ create -uid <uid> -name <name> -gid <gid> -home <home> -shell <shell> [-uuid <uuid>]

If no UUID is supplied, one will be generated.

Deleting a principal

Likewise, use the -del and -ldap options of the hpssuser utility to delete the named principal from
the LDAP server. To delete a named principal directly with the hpss_ldap_admin utility, use the
following command at the prompt:

    princ delete [-uid <uid>] [-name <name>] [-gid <gid>] [-uuid <uuid>]
You may supply any of the arguments listed. This command deletes every principal entry in
the LDAP information whose attributes match the ones supplied.
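
Because princ delete removes every entry that matches the supplied attributes, it helps to validate the selectors before typing the command. The following is an added example, not part of the HPSS manual or tooling: a hypothetical helper, build_princ_delete, that builds the command line and refuses a selector set that does not name a single principal. The value patterns (login-style names, canonical UUID text) and the rule that -gid alone is too broad are assumptions of this example.

```python
import re

# Selectors treated as identifying one principal (assumption of this example;
# -gid alone can match every principal that shares the group).
UNIQUE_SELECTORS = ("uid", "name", "uuid")
ORDER = ("uid", "name", "gid", "uuid")  # same order as the manual's syntax line

# Accepted value formats (assumptions, not taken from the HPSS manual).
PATTERNS = {
    "uid": re.compile(r"[0-9]+"),
    "gid": re.compile(r"[0-9]+"),
    "name": re.compile(r"[A-Za-z_][A-Za-z0-9_.-]{0,63}"),
    "uuid": re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"),
}


def build_princ_delete(**selectors):
    """Return the 'princ delete' line to type at the hpss_ldap_admin prompt.

    Raises ValueError for an unknown selector, a malformed value, or a
    selector set that could match more than one principal.
    """
    given = {k: str(v) for k, v in selectors.items() if v is not None}
    unknown = set(given) - set(ORDER)
    if unknown:
        raise ValueError(f"unknown selector(s): {sorted(unknown)}")
    if not any(k in given for k in UNIQUE_SELECTORS):
        raise ValueError("refusing broad delete: supply -uid, -name or -uuid")
    for key, value in given.items():
        # fullmatch rejects whitespace, newlines and option-like values
        if not PATTERNS[key].fullmatch(value):
            raise ValueError(f"malformed -{key} value: {value!r}")
    return "princ delete " + " ".join(f"-{k} {given[k]}" for k in ORDER if k in given)


if __name__ == "__main__":
    # Constructed sample inputs, for illustration only.
    print(build_princ_delete(uid=1234, name="jdoe"))
    for bad in ({"gid": 100}, {"name": "jdoe\nprinc delete -gid 0"}):
        try:
            build_princ_delete(**bad)
        except ValueError as err:
            print("rejected:", err)
```
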
Working with Groups
Creating a group
HPSS Management Guide
Release 7.3 (Revision 1.0)
November 2009
23
