3PAR InForm® OS 2.2.4 Concepts Guide (320-200085 Rev B, March 2009)

Accessing objects on InServ servers configured to use 3PAR Domains requires privileges in the
domain in which those objects reside. The configuration of domains may differ from one
InServ system installation to the next. As a result, the level of privileges over objects differs
depending on the mapping between the LDAP configuration and the individual InServ server’s
domain configuration.
The InForm OS LDAP client is designed to work with various LDAP servers and schemas for data
organization. However, use is currently supported only with the Active Directory LDAP
directory implementation.
4.1.1 Active Directory
Active Directory is an implementation of LDAP directory services by Microsoft for use in
Windows environments. An Active Directory server is both an LDAP and Kerberos server. When
set up for SASL binding (see SASL Binding on page 4.5), the Active Directory server and
Kerberos server are used for both authorization and authentication of users.
4.1.2 OpenLDAP
OpenLDAP is an open source implementation of LDAP directory services developed by the
OpenLDAP Project. OpenLDAP includes a server, client library, and tools that are available for a
wide variety of operating systems. Different schemas can be used for user and group
information with OpenLDAP. For example, the Posix schema is typically used for user and
group information in Linux/Unix systems.
4.2 LDAP Users
As discussed in Chapter 3, InServ Storage Server Users, users created with the createuser
InForm CLI command who access the InServ Storage Server using the InForm CLI or InForm
Management Console clients, or with SSH, are authenticated and authorized directly on the
InServ Storage Server. These users are referred to as local users. An LDAP user is similar to a
local user; however, an LDAP user is authenticated and authorized using information from an
LDAP server.
NOTE: At the current time, the OpenLDAP directory implementation is also
available, but only on a limited basis. Check with your local 3PAR service
representative for updates on availability.