Reference Guide
Fabric OS Command Reference 525
53-1002921-02
ldapCfg
2
ldapCfg
Maps LDAP AD server roles to default switch roles.
SYNOPSIS ldapcfg --maprole ldaprole switchrole
ldapcfg --unmaprole ldaprole
ldapcfg --show
ldapcfg --help
DESCRIPTION Use this command to map a Lightweight Directory Access Protocol (LDAP) Active Directory (AD) server
role to one of the default roles available on a switch. This command also provides an option to remove an
existing mapping.
This command creates an alias for a customer-defined group which allows a user belonging to that group
to login to the switch with the permissions associated with the mapped switch role.
This command supports one-to-one role mapping only. For example, you might map the "SAN
administrator" role on the AD server to the "admin" role on the switch, or the "SAN maintenance" role to
the switch "operator" role. But the command fails if you attempt to map an already mapped AD server
role.
NOTES The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in
place. Refer to Chapter 1, "Using Fabric OS Commands" and Appendix A, "Command Availability" for
details.
OPERANDS This command takes as input an action and its associated arguments. When no operand is specified, the
command prints the usage.
This command has the following operands:
--maprole
Maps an LDAP role to a specified switch role. The following operands are
required:
ldaprole
Specifies the LDAP role to be mapped to a switch role. The role must be a valid
AD server role.
switchrole
Specifies the switch role to which the LDAP role is mapped. Valid switch roles
include the following:
• admin
• user
• switchadmin
• zoneadmin
• fabricadmin
• basicswitchadmin
• operator
• securityadmin