HP 3PAR Command Line Interface Administrator's Manual: HP 3PAR OS 3.1.2 (QR482-96525, September 2013)

rights within the system, all engineering group members have Edit rights within the
system, and all hardware group members have Browse rights within the system.

Configuring LDAP Connections on Systems Using Domains

LDAP is also available for systems using virtual domains for access control. The configuration
process is nearly identical to configuring LDAP on non-Domain systems, with the only difference
being an additional authorization step to map a user’s group to a domain. For information about
LDAP and domains, see “Lightweight Directory Access Protocol” in the HP 3PAR StoreServ Storage
Concepts Guide.
To configure your system to use an Active Directory LDAP server using SASL binding, the following
process must be performed (detailed instructions follow):
Configure connection parameters using the following commands:
    setauthparam ldap-server <IP_address>
    setauthparam ldap-server-hn <DNS_HostName>
    setauthparam kerberos-realm <LDAP_ServiceName>
Configure binding (authentication) parameters using the following commands:
    setauthparam binding sasl
    setauthparam sasl-mechanism <SASL_type>
Configure account location parameters using the following commands:
    setauthparam accounts-dn <DN_path>
    setauthparam account-obj user
    setauthparam account-name-attr sAMAccountName
    setauthparam memberof-attr memberOf
    checkpassword <user_name>
Configure group-to-role mapping parameters using the following command:
    setauthparam <map_param> <map_value>
Configure group-to-domain mapping parameters using the following commands:
    setauthparam group-obj group
    setauthparam domain-name-attr <attribute>
    setauthparam domain-name-prefix <prefix> (optional)
    checkpassword <user_name>
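
The following Python sketch is an added example, not part of the HP manual: it checks a drafted list of setauthparam commands against the parameters the procedure above lists for SASL binding on a Domain system, and reports missing parameters, values that differ from the literals the procedure gives, and placeholders left unfilled. The sample runbook values, the function names, and the treatment of any parameter whose name ends in -map as a group-to-role mapping are assumptions.

```python
import shlex

# Parameters the procedure lists, grouped by step.
REQUIRED = {
    "connection": ["ldap-server", "ldap-server-hn", "kerberos-realm"],
    "binding": ["binding", "sasl-mechanism"],
    "account location": ["accounts-dn", "account-obj", "account-name-attr", "memberof-attr"],
    "group-to-domain": ["group-obj", "domain-name-attr"],
}
# Literal values the procedure gives for some parameters.
EXPECTED = {"binding": "sasl", "account-obj": "user",
            "memberof-attr": "memberOf", "group-obj": "group"}

# Constructed sample runbook; the address, realm and DNs are made-up test values.
SAMPLE = """\
# draft LDAP setup for a Domain system
setauthparam ldap-server 192.0.2.10
setauthparam kerberos-realm EXAMPLE.TEST
setauthparam binding simple
setauthparam sasl-mechanism <SASL_type>
setauthparam accounts-dn "OU=Users,DC=example,DC=test"
setauthparam account-obj user
setauthparam account-name-attr sAMAccountName
setauthparam memberof-attr memberOf
setauthparam edit-map "CN=Engineering,OU=Groups,DC=example,DC=test"
setauthparam group-obj group
"""

def parse_runbook(text):
    """Map each setauthparam parameter to its value; other lines are ignored."""
    params = {}
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)  # drops '#' comments, honours quotes
        if len(tokens) >= 3 and tokens[0] == "setauthparam":
            params[tokens[1]] = " ".join(tokens[2:])
    return params

def check_runbook(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    params, findings = parse_runbook(text), []
    for step, names in REQUIRED.items():
        findings += [f"missing {n} ({step} step)" for n in names if n not in params]
    for name, want in EXPECTED.items():
        if name in params and params[name] != want:
            findings.append(f"{name} is {params[name]!r}, procedure uses {want!r}")
    if not any(p.endswith("-map") for p in params):  # assumption: role maps end in -map
        findings.append("no group-to-role mapping parameter set")
    findings += [f"{n} still holds placeholder {v}" for n, v in params.items()
                 if v.startswith("<") and v.endswith(">")]
    return findings
```

Calling check_runbook(SAMPLE) flags the missing ldap-server-hn and domain-name-attr settings, the binding value that is not sasl, and the unfilled <SASL_type> placeholder.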
The following instructions describe how to set up an Active Directory LDAP connection on a system
using Domains:
1. Follow the directions as described in the following sections:
   a. “Configuring Connection Parameters” (page 23)
   b. “Configuring Binding Parameters” (page 24)
   c. “Configuring Account Location Parameters” (page 24)
   d. “Configuring Group-to-Role Mapping Parameters” (page 26); however, do not issue the
      checkpassword command.
38 Managing User Accounts and Connections