6.1 HP IBRIX X9000 Network Storage System CLI Reference (TA768-96057, June 2012)

ibrix_ldapidmapping
Configures LDAP ID mapping as a secondary lookup source for Active Directory.
Description
When Active Directory is used to authenticate users accessing CIFS shares, you can configure
LDAP ID mapping as a secondary lookup source. This method allows the system to read CIFS client
UIDs and GIDs from LDAP if the needed ID cannot be located in an AD entry. The name in LDAP
must match the name in AD, ignoring case and any prepended domain.
Use the ibrix_ldapidmapping command to enable or disable an existing LDAP ID mapping,
to add an LDAP ID mapping, and to display the current LDAP ID mapping configuration.
You can tune the LDAP scope, maximum wait time, and maximum entries options to ensure that
search results are timely. Tuning is most useful in environments with extremely large
directories, where case-insensitive searches can return many entries.
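The name-matching rule and entry limit described above, modeled in Python as an added example; it is not HP's code and does not reproduce the product's lookup logic. The sample entries, the function names, and the choice to reject ambiguous matches are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample directory (RFC 2307 posixAccount-style attributes).
SAMPLE_LDAP = [
    {"uid": "jsmith", "uidNumber": 10001, "gidNumber": 500},
    {"uid": "adavis", "uidNumber": 10002, "gidNumber": 500},
    {"uid": "ADavis", "uidNumber": 10077, "gidNumber": 900},  # case-only twin
]

def normalize(name):
    """Drop a prepended domain (DOMAIN\\user) and fold case."""
    return name.rsplit("\\", 1)[-1].casefold()

def find_matches(ad_name, entries, max_entries=10):
    """Entries whose uid matches ad_name; max_entries=0 means no limit."""
    wanted = normalize(ad_name)
    hits = [e for e in entries if normalize(e["uid"]) == wanted]
    return hits[:max_entries] if max_entries else hits

def resolve_ids(ad_name, entries, max_entries=10):
    """Return (uidNumber, gidNumber), None if unmatched.

    Raises LookupError when the returned entries disagree on IDs, since
    choosing one of them would map the CIFS user to someone else's UID.
    """
    hits = find_matches(ad_name, entries, max_entries)
    ids = {(e["uidNumber"], e["gidNumber"]) for e in hits}
    if len(ids) > 1:
        raise LookupError(f"{ad_name!r}: {len(hits)} entries, conflicting IDs")
    return ids.pop() if ids else None

def case_collisions(entries):
    """Audit helper: uids that differ only by case, keyed by folded name."""
    groups = defaultdict(set)
    for e in entries:
        groups[normalize(e["uid"])].add(e["uid"])
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}

if __name__ == "__main__":
    print(resolve_ids("ENX\\JSmith", SAMPLE_LDAP))   # domain and case ignored
    print(case_collisions(SAMPLE_LDAP))              # entries to clean up
    # With a limit of 1 the first entry is returned and the conflict is hidden.
    print(resolve_ids("ENX\\ADavis", SAMPLE_LDAP, max_entries=1))
```

Running a check like case_collisions against an export of the directory before enabling the mapping shows which names would be ambiguous under case-insensitive matching.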
Synopsis
Add an LDAP ID mapping:
ibrix_ldapidmapping -a -h LDAPSERVERHOST -B LDAPBASEOFSEARCH [-P LDAPSERVERPORT]
    [-b LDAPBINDDN] [-p LDAPBINDDNPASSWORD] [-m MAXWAITTIME] [-M MAXENTRIES]
    [-n] [-s] [-o] [-u]
This command automatically enables LDAP RFC 2307 ID Mapping.
Display information for LDAP ID mapping:
ibrix_ldapidmapping -i
Enable an existing LDAP ID mapping:
ibrix_ldapidmapping -e -h LDAPSERVERHOST
Disable an existing LDAP ID mapping:
ibrix_ldapidmapping -d -h LDAPSERVERHOST
Options
Option                 Description
-B LDAPBASEOFSEARCH    Specifies the LDAP base for searches (for example,
                       ou=people,cd=enx,dc=net).
-M MAXENTRIES          Specifies the maximum number of entries to return from the
                       search (the default is 10). Enter 0 (zero) for no limit.
-P LDAPSERVERPORT      The LDAP server port (TCP port 389 for unencrypted or TLS
                       encrypted; 636 for SSL encrypted).
-a                     Adds an LDAP ID mapping (automatically enables LDAP RFC 2307
                       ID Mapping).
-b LDAPBINDDN          Specifies the LDAP User Account used to authenticate to the
                       LDAP server to read data. This account must have privileges
                       to read the entire directory. Write credentials are not
                       required. For example:
                       cn=hpx9000-readonly-user,dc=enxt,dc=net. The default is
                       anonymous.
-d                     Disables an existing LDAP ID mapping.
-e                     Enables an existing LDAP ID mapping.
-h LDAPSERVERHOST      The LDAP server host (server name or IP address).
-i                     Displays LDAP ID mapping information.