6.1 HP IBRIX X9000 Network Storage System File System User Guide (TA768-96061, June 2012)

Using LDAP as the primary authentication method
Requirements for LDAP users and groups
X9000 supports only OpenLDAP. If you are using LDAP or LDAP ID mapping for authentication,
follow these requirements when setting up users and groups:
UID and GID values must be 1 or greater; 0 is not permitted.
Use the uid schema attribute to hold user account names.
Use the cn schema attribute to hold group account names.
UIDs and GIDs must be stored in the uidNumber and gidNumber schema attributes (the RFC 2307
POSIX attributes; LDAP matches attribute names case-insensitively).
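The requirements above can be checked mechanically before a directory is pointed at the cluster. The following checker is an added example, not code from the HP guide or from X9000; it assumes the standard RFC 2307 posixAccount and posixGroup object classes (the guide names only the uid, cn, uidNumber and gidNumber attributes), and the LDIF it parses is constructed sample data.

```python
"""Check LDIF user/group entries against the X9000 LDAP requirements.

Added example, not from the HP guide. Assumes RFC 2307 posixAccount /
posixGroup object classes. SAMPLE_LDIF is constructed test data.
"""
import base64

# Constructed sample: 'alice' and 'staff' are valid; 'root2' uses ID 0 and
# 'broken' has no gidNumber, each violating one requirement.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
objectClass: posixAccount
uid: alice
uidNumber: 1001
gidNumber: 1001

dn: uid=root2,ou=People,dc=example,dc=com
objectClass: posixAccount
uid: root2
uidNumber: 0
gidNumber: 0

dn: cn=staff,ou=Groups,dc=example,dc=com
objectClass: posixGroup
cn: staff
gidNumber: 1001

dn: cn=broken,ou=Groups,dc=example,dc=com
objectClass: posixGroup
cn: broken
"""


def parse_ldif(text):
    """Minimal LDIF parser returning a list of {attribute: [values]} dicts.

    Unfolds continuation lines (leading space), decodes '::' base64 values
    and lowercases attribute names, since LDAP attribute types are matched
    case-insensitively (uidNumber == UidNumber).
    """
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines:
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):
            value = base64.b64decode(value[1:].strip()).decode()
        else:
            value = value.strip()
        current.setdefault(name.strip().lower(), []).append(value)
    if current:
        entries.append(current)
    return entries


def _check_id(dn, entry, attr):
    """The attribute must be present and every value an integer >= 1."""
    values = entry.get(attr)
    if not values:
        return [f"{dn}: missing {attr}"]
    return [f"{dn}: {attr}={v!r} must be an integer >= 1"
            for v in values if not (v.isdigit() and int(v) >= 1)]


def check_entry(entry):
    """Return the requirement violations for one entry (empty list = OK).

    Entries that are neither users nor groups are ignored.
    """
    dn = entry.get("dn", ["?"])[0]
    classes = {c.lower() for c in entry.get("objectclass", [])}
    problems = []
    if "posixaccount" in classes:
        # User account name comes from uid; both numeric IDs must be >= 1.
        if not entry.get("uid"):
            problems.append(f"{dn}: user has no uid attribute")
        for attr in ("uidnumber", "gidnumber"):
            problems += _check_id(dn, entry, attr)
    elif "posixgroup" in classes:
        # Group account name comes from cn; the GID must be >= 1.
        if not entry.get("cn"):
            problems.append(f"{dn}: group has no cn attribute")
        problems += _check_id(dn, entry, "gidnumber")
    return problems


def check_ldif(text):
    """Validate every entry in an LDIF dump and return all violations."""
    problems = []
    for entry in parse_ldif(text):
        problems += check_entry(entry)
    return problems


if __name__ == "__main__":
    for p in check_ldif(SAMPLE_LDIF):
        print(p)
```

Run it against a dump of the user and group subtrees (for example the output of the standard OpenLDAP client, ldapsearch -x -LLL -b "ou=People,dc=example,dc=com") before enabling LDAP authentication; an entry with a zero or missing uidNumber/gidNumber will otherwise surface only as a failed login on the cluster.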
Configuring LDAP for X9000 software
To configure LDAP, complete the following steps:
1. Update a configuration template on the remote LDAP server.
2. Run the configuration script on the remote LDAP server.
3. Configure LDAP authentication on the cluster nodes.
Update the template on the remote LDAP server
OpenLDAP ships with three configuration templates:
customized-schema-template.conf
samba-schema-template.conf
posix-schema-template.conf
Make a copy of the template corresponding to the schema your LDAP server supports, and update
the copy with your configuration information.
Customized template. Provide values (equivalent names) for all virtual attributes in the configuration,
replacing each your-schema-equivalent-of-... placeholder with the attribute name your schema actually uses.
For example:
mandatory; virtual; uid; your-schema-equivalent-of-uid
optional; virtual; homeDirectory; your-schema-equivalent-of-homeDirectory
Samba template. Enter the required attributes listed under “Required attributes for Samba/POSIX
templates” below. You can use the default values specified in the “Map (mandatory) variables” and
“Map (Optional) variables” sections of the template.
POSIX template. Enter the required attributes listed under “Required attributes for Samba/POSIX
templates” below. Also remove or comment out the following Samba-specific virtual attributes:
# mandatory; virtual; SID;sambaSID
# mandatory; virtual; PrimaryGroupSID;sambaPrimaryGroupSID
# mandatory; virtual; sambaGroupMapping;sambaGroupMapping
Required attributes for Samba/POSIX templates
Each required nonvirtual attribute, the kind of value it takes, and its purpose:

VERSION
    Value: any arbitrary string.
    Description: Helps identify the configuration version uploaded. Potentially used for
    reports, audit history, and troubleshooting.

LDAPServerHost
    Value: FQDN or IP address string.
    Description: A FQDN or IP. Typically it is a front-end switch or an IP LDAP
    proxy/balancer name/address for multiple backend high-availability LDAP servers.

LdapConfigurationOU
    Value: writable OU name string.
    Description: The LDAP OU (organizational unit) to which configuration entries can be
    written. This OU must exist on the server and must be readable and writable using
    LDAPWriteDN.
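A copied template is easy to leave half-finished (a placeholder still in a mandatory mapping, a Samba line left active in a POSIX copy, an empty LdapConfigurationOU), and the configuration script on the LDAP server is the first thing to tell you. The linter below is an added example, not code from the HP guide or from X9000. The guide shows only the virtual mapping line form "mandatory|optional; virtual; name; mapped-name"; this example assumes, as an assumption the guide does not state, that the nonvirtual attributes VERSION, LDAPServerHost and LdapConfigurationOU are written in the same four-field form with "nonvirtual" in the second field. SAMPLE_POSIX is a constructed copy, not the real posix-schema-template.conf.

```python
"""Lint a copied X9000 LDAP configuration template before running the
configuration script.

Added example, not from the HP guide. Assumption: nonvirtual attributes use
the same '<kind>; nonvirtual; <name>; <value>' line form as the virtual
mapping lines shown in the guide. SAMPLE_POSIX is constructed, not the
real posix-schema-template.conf.
"""
import re

PLACEHOLDER = re.compile(r"^your-schema-equivalent-of-")
SAMBA_VIRTUAL = {"SID", "PrimaryGroupSID", "sambaGroupMapping"}
REQUIRED_NONVIRTUAL = {"VERSION", "LDAPServerHost", "LdapConfigurationOU"}

# Constructed half-finished POSIX copy: LdapConfigurationOU was left empty
# and the SID line was not commented out.
SAMPLE_POSIX = """\
# constructed copy of posix-schema-template.conf
mandatory; nonvirtual; VERSION; lab-2012-06-01
mandatory; nonvirtual; LDAPServerHost; ldap-vip.example.com
mandatory; nonvirtual; LdapConfigurationOU;
mandatory; virtual; uid; uid
mandatory; virtual; uidNumber; uidNumber
mandatory; virtual; gidNumber; gidNumber
optional; virtual; homeDirectory; your-schema-equivalent-of-homeDirectory
mandatory; virtual; SID;sambaSID
# mandatory; virtual; PrimaryGroupSID;sambaPrimaryGroupSID
# mandatory; virtual; sambaGroupMapping;sambaGroupMapping
"""


def parse_template(text):
    """Return the active (uncommented) mapping lines as
    (kind, scope, name, value) tuples; comments and other lines are skipped."""
    active = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(";")]
        if len(fields) == 4:
            active.append(tuple(fields))
    return active


def lint_template(text, flavour):
    """flavour is 'customized', 'samba' or 'posix'. Returns a list of problems."""
    active = parse_template(text)
    virtual = {n: v for k, s, n, v in active if s == "virtual"}
    nonvirtual = {n: v for k, s, n, v in active if s == "nonvirtual"}
    problems = []
    # 1. Every mandatory virtual attribute must map to a real schema
    #    attribute, not the template placeholder. Optional ones may stay.
    for k, s, n, v in active:
        if s == "virtual" and k == "mandatory" and (not v or PLACEHOLDER.match(v)):
            problems.append(f"mandatory virtual attribute {n} is not mapped")
    # 2. In a POSIX template the Samba virtual attributes must be removed
    #    or commented out.
    if flavour == "posix":
        for n in sorted(SAMBA_VIRTUAL & set(virtual)):
            problems.append(f"POSIX template still has Samba attribute {n} active")
    # 3. The required nonvirtual attributes need a value.
    for n in sorted(REQUIRED_NONVIRTUAL):
        if not nonvirtual.get(n):
            problems.append(f"required attribute {n} has no value")
    return problems


if __name__ == "__main__":
    for p in lint_template(SAMPLE_POSIX, "posix"):
        print(p)
```

On the constructed copy the linter reports the active SID line and the empty LdapConfigurationOU; the optional homeDirectory placeholder is deliberately not reported, matching the guide's distinction between mandatory and optional virtual attributes.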