Command Reference Guide

Table 5 Values for Specifiers <map-param> and <map-value> (continued)
Same as super-map, but for the Edit level.edit-map
Same as super-map, but for the Browse level.browse-map
Same as super-map, but for the Create level.create-map
Same as super-map, but for the Basic_edit level.basic_edit-map
Same as super-map, but for the 3PAR_AO level.3PAR_AO-map
Same as super-map, but for the 3PAR_RM level.3PAR_RM-map
NOTE: The IMC refers to <map-param> specifiers as Authorization Groups.
For a comprehensive example of the setauthparam command used during LDAP setup, see the
LDAP chapter of the HP 3PAR Command Line Interface Administrator’s Manual.
Users who have been provided with a password that allows successful binding with the LDAP
server will nevertheless be denied access if they are not members of any of the groups specified
by the map parameters.
The matching of a user's groups with the mapping rules is done in the order of the mapping
parameters provided previously. When there are multiple matches, the first match determines
the user's role level.
Domain names found with the use of domain-name-attr and domain-name-prefix are
only potential domains and a user will only have roles in those if they are actually existing
domains. The showdomain command will list existing domains.
The showauthparam command displays authentication parameter settings and the
checkpassword command can be used to see how the parameters are used to bind with an
LDAP server and search for data to determine the user's role level.
When HP 3PAR Domains are enabled, you can only have Super or Service roles for the
domain all. Any other domain names are ignored for Super or Service level users. You can
only have the Service role when no other domains match for levels other than Super or Service.
If other such domains match, the Service level match is ignored.
setauthparam 277