beautypg.com

HP 3PAR Operating System Software User Manual

Page 80

background image

For an LDAP configuration with SASL binding, the following information is provided:

Description

Field

Group

The IP address of the LDAP server.

LDAP Server

General

(With HP 3PAR OS 3.1.2 or later, the LDAP server name can
be either an IP address or a DNS server name.

Indicates the port of the LDAP server (default 389 for non-SSL,
636 for SSL)

Port

When the Domain Name Prefix is set, the value of the attribute
specified by the Domain Name Attribute is a candidate domain

Domain Name Attribute

name. The value of domain-name-prefix is a character string
used to extract the domain name from the candidate. The value
is an optional exclamation point ('!') followed by a character
string called the prefix. The exclamation point is a flag that
means the presence of the prefix is required and is described
more below.

The candidate domain name is searched for the presence of
the prefix and if found, the domain name starts after the first
occurrence of the prefix and stops before the first space or tab
following it or at the end of the candidate domain name.

If the prefix is not found, the behavior depends on the flag. If
the exclamation point was not used (there is no flag), the
candidate domain name becomes the domain name. If the flag
is present, the candidate domain name is rejected and there is
no domain name. As a last step, and as described for the
Domain Name Attribute, domain names can be truncated and
have invalid characters replaced.

When set, the mapping of groups to domains is enabled. For
a user that is a member of a group that maps to a role, the

Domain Name Prefix

value of the Domain Name Attribute is used to look up an
attribute in the group that holds the name of a domain. If the
domain is too long or contains characters that are not allowed
in a domain name, the name is truncated to the maximum length
of a domain name and invalid characters are replaced with an
underscore ('_').

Indicates whether LDAP users are allowed to set a publish SSH
key using the CLI command setsshkey.

Allow SSH Key

80

Managing LDAP with Security & Domains Manager