6.5 HP StoreAll OS User Guide

ManualsBrandsHP ManualsStorageHP X9320 IB 21.6TB Network Storage System

141

142

143

144

145

146

147

148

149

150

Changing group administrative privileges

Table 17 Changing group administrative privileges

CommandTask

ibrix_objectstoreadmin -a -k GROUP_NAMEGrant all members of the group

administrative privileges.

ibrix_objectstoreadmin -d -k GROUP_NAMERemove administrative privileges from a

group.

Sample commands

An example of granting administrative privileges to an AD group:

ibrix_objectstoreadmin –a –k IBRIX_DOMAIN\\GROUP_NAME

An example of granting administrative privileges to a Storeall local group:

ibrix_objectstoreadmin –a –k GROUP_NAME

Creating tokens for authentication

Object Store requires you to use an authentication token with all of its commands.

IMPORTANT: Authentication tokens expire after 24 hours.

To create a token, enter the following command:

Format for an environment using StoreAll local users

curl -d '{"auth": {"tenantName": "<GROUP_NAME>",

"passwordCredentials":{"username": "<USER_NAME>", "password":

"<PASSWORD>"}}}' -H "Content-type: application/<JSON/XML>" http://<FM

user VIF>:<KEYSTONE SERVER ADMIN PORT>/v2.0/tokens

Format for an environment using AD and LDAP groups

curl -d '{"auth": {"tenantName": "<DOMAIN NAME>\\domain^users",

"passwordCredentials":{"username": "<DOMAIN NAME>\\<USER_NAME>",

"password": "<PASSWORD>"}}}' -H "Content-type: application/<JSON/XML>"

http://<FM user VIF>:<KEYSTONE SERVER ADMIN PORT>/v2.0/tokens

Sample command with request for output in JSON format in an Active Directory environment:

curl -d '{"auth": {"tenantName": "IBRQA1\\domain^users",

"passwordCredentials":{"username": "IBRQA1\\ibrixuser21", "password":

"mypassword"}}}' -H "Content-type: application/json"

http://10.10.104.115:35357/v2.0/tokens}'

In this instance:

• 10.10.104.115 is the IP address of the Fusion Manager user VIF.

• 35357 is the Keystone server admin port, which is a TCP port

• json is the output format. The output format can also be XML.

• IBRQA1 is the domain the user was added to, as described in “Add users to an administrator

group using the GUI” (page 140).

• ibrixuser21 is the user name.

• mypassword is the password for the user name.

{"access": {"token": {"expires": "2013-08-21T20:08:48Z", "id": "1bb88b944f6c4c8fb7411f85d3bd6bf4", "tenant":

{"enabled": true, "id": "7b9a902423a582c9eda266dcf3ad6974a2b98e4b21ea7c9e1e8d38f76afdf1b4", "name":

"IBRQA1\\domain^users"}}, "serviceCatalog": [{"endpoints": [{"adminURL": "http://10.10.104.116:8888/", "region":

"RegionOne", "internalURL":

"http://10.10.104.116:8888/v1/AUTH_7b9a902423a582c9eda266dcf3ad6974a2b98e4b21ea7c9e1e8d38f76afdf1b4", "id":

"b83cb54998f54781ab9905aff878cab2", "publicURL":

Changing group administrative privileges 143