HP 3PAR Command Line Interface Administrator's Manual: HP 3PAR OS 3.1.2 (QR482-96525, September 2013)

3. Issue the checkpassword command to verify that the users have the roles you assigned for
the desired groups. Use a member of a specific group to verify the role.
Example:
system1 cli% setauthparam -f super-map software
system1 cli% setauthparam -f edit-map engineering
system1 cli% setauthparam -f browse-map hardware
In the example above:
Users belonging to the software group are configured to have Super rights within the
system.
Users belonging to the engineering group are configured to have Edit rights within
the system.
Users belonging to the hardware group are configured to have Browse rights within the
system.
system1 cli% checkpassword 3paruser
password:
+ attempting authentication and authorization using system-local data
+ authentication denied: unknown username
+ attempting authentication and authorization using LDAP
+ connecting to LDAP server using URI: ldaps://192.168.10.13
+ simple bind to LDAP user 3paruser for DN
uid=3paruser,ou=people,dc=ldaptest,dc=3par,dc=com
+ searching LDAP using:
search base: ou=people,dc=ldaptest,dc=3par,dc=com
filter: (&(objectClass=posixAccount)(uid=3paruser))
for attributes: gidNumber
+ search result DN: uid=3paruser,ou=people,dc=ldaptest,dc=3par,dc=com
+ search result: gidNumber: 2345
+ searching LDAP using:
search base: ou=groups,dc=ldaptest,dc=3par,dc=com
filter:
(&(objectClass=posixGroup)(|(gidNumber=2345)(memberUid=3paruser)))
for attributes: cn
+ search result DN: cn=software,ou=groups,dc=ldaptest,dc=3par,dc=com
+ search result: cn: software
+ search result DN: cn=engineering,ou=groups,dc=ldaptest,dc=3par,dc=com
+ search result: cn: engineering
+ search result DN: cn=hardware,ou=groups,dc=ldaptest,dc=3par,dc=com
+ search result: cn: hardware
+ mapping rule: super mapped to by software
+ rule match: super mapped to by software
+ mapping rule: edit mapped to by engineering
+ rule match: edit mapped to by engineering
+ mapping rule: browse mapped to by hardware
+ rule match: browse mapped to by hardware
user 3paruser is authenticated and authorized
In the example above:
User 3PARuser is found to be a member of the software group and is assigned Super
rights within the system.
Although 3PARuser is also a member of the engineering and hardware groups, the
Super rights associated with the Software group supersede the Edit and Browse rights
associated with the engineering and software groups.
The mapping rules set for 3PARuser are applied to all members of the software,
engineering, and hardware groups; all software group members have Super
Configuring LDAP Connections 37