6.3 HP StoreAll Storage File System User Guide (TA768-96093, June 2013)

IMPORTANT: Before using ibrix_ldapconfig to configure LDAP on the cluster nodes, you
must configure the remote LDAP server. For more information, see “Configuring LDAP for StoreAll
software” (page 62).
IMPORTANT: Linux Static User mapping is not supported if LDAP is configured as the primary
authentication service.
Add an LDAP configuration and enable LDAP:
ibrix_ldapconfig -a -h LDAPSERVERHOST [-P LDAPSERVERPORT] -b LDAPBINDDN
-p LDAPBINDDNPASSWORD -w LDAPWRITEOU -B LDAPBASEOFSEARCH -n NETBIOS -E
ENABLESSL [-f CERTFILEPATH] [-c CERTFILECONTENTS]
The options are:
-h LDAPSERVERHOST       The LDAP server host (server name or IP address).
-P LDAPSERVERPORT       The LDAP server port.
-b LDAPBINDDN           The LDAP bind Distinguished Name. For example:
                        cn=hp9000-readonly-user,dc=entx,dc=net.
-p LDAPBINDDNPASSWORD   The LDAP bind password.
-w LDAPWRITEOU          The LDAP write Organizational Unit, or OU (for example,
                        ou=9000Config,,ou=configuration,dc=entx,dc=net).
-B LDAPBASEOFSEARCH     The LDAP base for searches (for example,
                        ou=people,cd=enx,dc=net).
-n NETBIOS              The NetBIOS name, such as StoreAll.
-E ENABLESSL            The type of certificate required. Enter 0 for no
                        certificate, 1 for TLS, or 2 for SSL.
-f CERTFILEPATH         The path to the TLS or SSL certificate file, such as
                        /usr/local/ibrix/ldap/key.pem.
-c CERTFILECONTENTS     The contents of the certificate file. Copy the contents
                        and paste them between quotes.
Modify an LDAP configuration:
ibrix_ldapconfig -m -h LDAPSERVERHOST [-P LDAPSERVERPORT] [-e|-D] [-b
LDAPBINDDN] [-p LDAPBINDDNPASSWORD] [-w LDAPWRITEOU] [-B
LDAPBASEOFSEARCH] [-n NETBIOS] [-E ENABLESSL] [-f CERTFILEPATH]|[-c
CERTFILECONTENTS]
The -f and -c arguments are mutually exclusive. Provide one or the other but not both.
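The option rules above (ENABLESSL is 0, 1, or 2; -f and -c are mutually exclusive) can be checked before ibrix_ldapconfig is run. The following is an added example, not part of the HP guide or the StoreAll software: the helper preflight_ldap_tls and its return codes are hypothetical, and it assumes that a certificate must be supplied whenever ENABLESSL is 1 or 2.

```shell
# Pre-flight check for the -E / -f / -c options of ibrix_ldapconfig.
# preflight_ldap_tls is a hypothetical helper; it never calls ibrix_ldapconfig.
# Usage: preflight_ldap_tls ENABLESSL [CERTFILEPATH] [CERTFILECONTENTS]
# Return codes (constructed for this example):
#   0 consistent          2 ENABLESSL not 0, 1 or 2
#   3 both -f and -c      4 certificate file not readable
#   5 TLS/SSL selected without a certificate (assumption: the guide calls the
#     certificate "required" for 1 and 2)
#   6 certificate supplied although -E 0 selects no certificate
preflight_ldap_tls() {
    enablessl=$1 certfile=${2-} certcontents=${3-}

    case $enablessl in
        0|1|2) ;;
        *) echo "ENABLESSL must be 0 (none), 1 (TLS) or 2 (SSL)" >&2
           return 2 ;;
    esac

    # The guide: provide -f or -c, but not both.
    if [ -n "$certfile" ] && [ -n "$certcontents" ]; then
        echo "-f and -c are mutually exclusive" >&2
        return 3
    fi

    if [ -n "$certfile" ] && [ ! -r "$certfile" ]; then
        echo "certificate file not readable: $certfile" >&2
        return 4
    fi

    if [ "$enablessl" != 0 ] && [ -z "$certfile$certcontents" ]; then
        echo "-E $enablessl selected but no certificate supplied" >&2
        return 5
    fi

    if [ "$enablessl" = 0 ] && [ -n "$certfile$certcontents" ]; then
        echo "certificate supplied but -E 0 selects no certificate" >&2
        return 6
    fi
    return 0
}

# Demo: TLS requested without -f or -c is rejected before any change is made.
preflight_ldap_tls 1 || echo "rejected with code $?"
```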
View the LDAP configuration:
ibrix_ldapconfig -i
Enable LDAP:
ibrix_ldapconfig -e LDAPSERVERHOST
Disable LDAP:
ibrix_ldapconfig -D LDAPSERVERHOST
Configuring LDAP ID mapping
Use the ibrix_ldapidmapping command to configure LDAP ID mapping as a secondary lookup
source for Active Directory. LDAP ID mapping can be used only for SMB shares.
Add an LDAP ID mapping:
ibrix_ldapidmapping -a -h LDAPSERVERHOST -B LDAPBASEOFSEARCH [-P
LDAPSERVERPORT] [-b LDAPBINDDN] [-p LDAPBINDDNPASSWORD] [-m MAXWAITTIME]
[-M MAXENTRIES] [-n] [-s] [-o] [-u]