Configuring ldap id mapping – HP StoreAll Storage User Manual


IMPORTANT: Before using ibrix_ldapconfig to configure LDAP on the cluster nodes, you must configure the remote LDAP server. For more information, see “Configuring LDAP for StoreAll software” (page 62).

IMPORTANT: Linux Static User mapping is not supported if LDAP is configured as the primary authentication service.

Add an LDAP configuration and enable LDAP:

ibrix_ldapconfig -a -h LDAPSERVERHOST [-P LDAPSERVERPORT] -b LDAPBINDDN -p LDAPBINDDNPASSWORD -w LDAPWRITEOU -B LDAPBASEOFSEARCH -n NETBIOS -E ENABLESSL [-f CERTFILEPATH] [-c CERTFILECONTENTS]

The options are:

-h LDAPSERVERHOST
    The LDAP server host (server name or IP address).

-P LDAPSERVERPORT
    The LDAP server port.

-b LDAPBINDDN
    The LDAP bind Distinguished Name. For example: cn=hp9000-readonly-user,dc=entx,dc=net.

-p LDAPBINDDNPASSWORD
    The LDAP bind password.

-w LDAPWRITEOU
    The LDAP write Organizational Unit, or OU (for example, ou=9000Config,,ou=configuration,dc=entx,dc=net).

-B LDAPBASEOFSEARCH
    The LDAP base for searches (for example, ou=people,cd=enx,dc=net).

-n NETBIOS
    The NetBIOS name, such as StoreAll.

-E ENABLESSL
    The type of certificate required. Enter 0 for no certificate, 1 for TLS, or 2 for SSL.

-f CERTFILEPATH
    The path to the TLS or SSL certificate file, such as /usr/local/ibrix/ldap/key.pem.

-c CERTFILECONTENTS
    The contents of the certificate file. Copy the contents and paste them between quotes.

Modify an LDAP configuration:

ibrix_ldapconfig -m -h LDAPSERVERHOST [-P LDAPSERVERPORT] [e|D] [-b LDAPBINDDN] [-p LDAPBINDDNPASSWORD] [-w LDAPWRITEOU] [-B LDAPBASEOFSEARCH] [-n NETBIOS] [-E ENABLESSL] [-f CERTFILEPATH]|[-c CERTFILECONTENTS]

The -f and -c arguments are mutually exclusive. Provide one or the other but not both.
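
An added example, not part of the HP manual: a shell pre-flight check for the arguments of ibrix_ldapconfig -a that enforces the -E values and the -f/-c rule stated above before the command is run on a node. The function name check_ldap_add, applying the -f/-c exclusion to -a, requiring a certificate when -E is 1 or 2, and the PEM header check are assumptions.

```shell
# Added example: pre-flight check for "ibrix_ldapconfig -a" arguments.
# Usage: check_ldap_add HOST BINDDN WRITEOU BASE NETBIOS ENABLESSL [CERTFILE] [CERTTEXT]
# Prints the command for review (password redacted, not shell-quoted);
# returns 2 on any error. check_ldap_add is a hypothetical helper name.
check_ldap_add() {
    host=$1 binddn=$2 writeou=$3 base=$4 netbios=$5 ssl=$6 certfile=$7 certtext=$8

    for v in "$host" "$binddn" "$writeou" "$base" "$netbios"; do
        [ -n "$v" ] || { echo "error: missing required argument" >&2; return 2; }
    done

    # -E accepts only 0 (no certificate), 1 (TLS) or 2 (SSL).
    case $ssl in
        0) echo "warning: -E 0 configures LDAP without TLS or SSL" >&2 ;;
        1|2) ;;
        *) echo "error: ENABLESSL must be 0, 1 or 2" >&2; return 2 ;;
    esac

    # The -f and -c arguments are mutually exclusive.
    if [ -n "$certfile" ] && [ -n "$certtext" ]; then
        echo "error: give -f or -c, not both" >&2; return 2
    fi
    # Assumption: -E 1 or 2 needs a certificate supplied with -f or -c.
    if [ "$ssl" != 0 ] && [ -z "$certfile$certtext" ]; then
        echo "error: -E $ssl needs a certificate (-f or -c)" >&2; return 2
    fi
    # Assumption: the certificate file is PEM and readable from this host.
    if [ -n "$certfile" ]; then
        grep -q -e '-----BEGIN CERTIFICATE-----' "$certfile" 2>/dev/null ||
            { echo "error: $certfile is not a readable PEM certificate" >&2; return 2; }
    fi

    printf 'ibrix_ldapconfig -a -h %s -b %s -p <redacted> -w %s -B %s -n %s -E %s' \
        "$host" "$binddn" "$writeou" "$base" "$netbios" "$ssl"
    [ -n "$certfile" ] && printf ' -f %s' "$certfile"
    [ -n "$certtext" ] && printf ' -c <certificate text>'
    printf '\n'
}
```

The check deliberately takes no password argument, so the bind password never appears in its output; the -p option itself places the password on the command line of the node where ibrix_ldapconfig runs.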

View the LDAP configuration:

ibrix_ldapconfig -i

Enable LDAP:

ibrix_ldapconfig -e LDAPSERVERHOST

Disable LDAP:

ibrix_ldapconfig -D LDAPSERVERHOST

Configuring LDAP ID mapping

Use the ibrix_ldapidmapping command to configure LDAP ID mapping as a secondary lookup
source for Active Directory. LDAP ID mapping can be used only for SMB shares.

Add an LDAP ID mapping:

ibrix_ldapidmapping -a -h LDAPSERVERHOST -B LDAPBASEOFSEARCH [-P LDAPSERVERPORT] [-b LDAPBINDDN] [-p LDAPBINDDNPASSWORD] [-m MAXWAITTIME] [-M MAXENTRIES] [-n] [-s] [-o] [-u]
