HP StorageWorks Fabric OS 6.2 administrator guide (5697-0016, May 2009)

Fabric OS 6.2 administrator guide 93
Figure 3 Example of the dictiona.dcm file
#######################################################################
# dictiona.dcm
#######################################################################
# Generic Radius
@radius.dct
#
# Specific Implementations (vendor specific)
#
@3comsw.dct
@aat.dct
@acc.dct
@accessbd.dct
@agere.dct
@agns.dct
@airespace.dct
@alcatel.dct
@altiga.dct
@annex.dct
@aptis.dct
@ascend.dct
@ascndvsa.dct
@axc.dct
@brocade.dct
@bandwagn.dct
@brocade.dct <-------
c. When selecting items from the Add Return List Attribute, select Brocade-Auth-Role and enter the string Admin. This string must match the name of the role on the switch.
d. Add the Brocade profile.
e. In RSA Authentication Manager, edit the user records that will authenticate using RSA SecurID.
LDAP configuration and Microsoft Active Directory
LDAP provides user authentication and authorization using the Microsoft Active Directory service in conjunction with LDAP on the switch. There are two modes of operation in LDAP authentication, FIPS mode and non-FIPS mode. This section discusses LDAP authentication in non-FIPS mode. For more information on LDAP in FIPS mode, see Chapter 4, "Configuring advanced security features" on page 117. The following restrictions apply when using LDAP in non-FIPS mode:
• In Fabric OS 6.1.0 and later, there is no password change through Active Directory.
• There is no automatic migration of newly created users from the local switch database to Active Directory. This is a manual process, explained later.
• LDAP authentication is used on the local switch only, not for the entire fabric.
Roles for B-Series-specific users can be added through the Microsoft Management Console. Groups created in Active Directory must correspond directly to the RBAC user roles on the switch. Role assignments are specified by including the user in the respective group. A user can be assigned to multiple groups, such as Switch Admin and Security Admin. For LDAP servers, you can use the ldapCfg --maprole ldap_role_name switch_role command to map an LDAP server role to one of the default roles available on a switch. For more information on RBAC roles, see "Role-Based Access Control (RBAC)" on page 67.
NOTE: All instructions involving Microsoft Active Directory can be obtained from www.microsoft.com or your Microsoft documentation. Confer with your system or network administrator prior to configuration for any special needs your network environment may have.
Following is the overview of the process used to set up LDAP:
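The group-to-role rule stated above (an Active Directory group must correspond directly to a switch RBAC role, and a user may belong to several such groups) can be checked before the switch is pointed at the directory. The following is an added example, not part of the guide or of Fabric OS: it resolves a user's memberOf values to switch roles and reports any group that maps to nothing. The group names, the DNs and the custom SAN Operators mapping are constructed sample values; the switch role names admin, switchadmin, securityadmin and operator are standard Fabric OS roles.

```python
import re
from typing import Dict, List, Tuple

# LDAP/AD group name -> Fabric OS switch role, in the spirit of
# "ldapCfg --maprole ldap_role_name switch_role". Group names are
# constructed sample values; the role names are standard Fabric OS roles.
ROLE_MAP: Dict[str, str] = {
    "Admin": "admin",
    "Switch Admin": "switchadmin",
    "Security Admin": "securityadmin",
    "SAN Operators": "operator",   # assumed custom group mapped with --maprole
}

# Leading CN of a DN; "\\." keeps escaped characters such as "\," inside the CN.
CN_RE = re.compile(r"^CN=((?:\\.|[^,\\])+)", re.IGNORECASE)


def group_cn(dn: str) -> str:
    """Return the CN of a memberOf distinguished name, unescaping '\\,'."""
    m = CN_RE.match(dn.strip())
    if not m:
        raise ValueError(f"not a CN-based DN: {dn!r}")
    return m.group(1).replace("\\,", ",")


def effective_roles(member_of: List[str]) -> Tuple[List[str], List[str]]:
    """Resolve AD group memberships to switch roles.

    Returns (roles, unmapped): roles is the ordered, de-duplicated list of
    switch roles the user receives; unmapped lists groups with no matching
    switch role, which should be reviewed rather than silently ignored.
    """
    roles: List[str] = []
    unmapped: List[str] = []
    for dn in member_of:
        cn = group_cn(dn)
        role = ROLE_MAP.get(cn)
        if role is None:
            unmapped.append(cn)
        elif role not in roles:
            roles.append(role)
    return roles, unmapped


# Constructed sample: memberOf values as AD would return them for one user.
SAMPLE_MEMBER_OF = [
    "CN=Switch Admin,OU=SAN,DC=example,DC=com",
    "CN=Security Admin,OU=SAN,DC=example,DC=com",
    "CN=Domain Users,CN=Users,DC=example,DC=com",
]

if __name__ == "__main__":
    roles, unmapped = effective_roles(SAMPLE_MEMBER_OF)
    print("switch roles:", roles)        # ['switchadmin', 'securityadmin']
    print("unmapped groups:", unmapped)  # ['Domain Users']
```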