Using LDAP, LDAP Server Guidelines, User and Group Access – HP StoreEver ESL G3 Tape Libraries User Manual

10. Click Next to display the Select the partitions for host access dialog box.

11. Select or clear the box or boxes in the Select column to indicate which partitions to configure for host access.

12. For each partition selected, also select the appropriate box in either the Port A or Port B columns to indicate which port to use. (The default is Port A.)

13. Click Finish to update host access.

14. Click OK in the The Host Access was updated successfully dialog box.

Using LDAP

Before using the Setup Wizard, see Setup Wizard Prerequisites.

Lightweight Directory Access Protocol (LDAP) is the industry standard Internet protocol that provides
centralized user account management. This library supports the Microsoft® Active Directory® LDAP
server and user account information in the schema defined by RFC 2307. User password schemes
must be encrypted using UNIX® crypt.

You can configure the LDAP settings at any time after the initial
library configuration. Once you enable and configure LDAP, you can view your current LDAP settings
using the LDAP menu.

LDAP Server Guidelines

User account information is centralized and shared by different applications, simplifying user account
management tasks. Administrative users can add, delete, and modify only local user account
information.

User and Group Access

For LDAP accounts with user privileges, access to library partitions is determined by group assignment
on the LDAP server. Groups must be created on the LDAP server with names that correspond to the
library partition names. Users without administrator privileges must be assigned to these groups on
the LDAP server to have access to the corresponding partitions on the library.

LDAP accounts with administrative privileges have access to all partitions and administrative functions
and do not need to be assigned to partition-related groups on the LDAP server.

NOTE: Usernames and group objects must be in LDAP Distinguished Name format.

OpenLDAP 2.4

You must install and run OpenLDAP 2.4 or later. In OpenLDAP 2.4 and later, the supported objects
are of type Person or derived from it, and group objects must be of type GroupOfNames.

OpenLDAP must be compiled with overlay support, and the memberOf overlay must be installed.
For more information, see the OpenLDAP man page by running the man slapo-memberof
command.
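
The group rules above (groups named after partitions, group objects of type GroupOfNames, members given as Distinguished Names) can be checked against an LDIF export of the directory before LDAP is enabled on the library. The following Python code is an added example, not part of the HP manual or the library software; the partition names, the directory entries, and the assumption that a group's cn must equal the partition name exactly are constructed for illustration. It reads the member attribute on the group entries, which is the data the memberOf overlay mirrors onto user entries.

```python
import re

# Constructed sample: partition names and directory entries are hypothetical.
PARTITIONS = ["Partition1", "Partition2", "Partition3"]
SAMPLE_LDIF = """\
dn: cn=Partition1,ou=groups,dc=example,dc=com
objectClass: groupOfNames
cn: Partition1
member: uid=alice,ou=people,dc=example,dc=com
member: bob

dn: cn=Partition2,ou=groups,dc=example,dc=com
objectClass: posixGroup
cn: Partition2
memberUid: carol
"""

# Loose shape check for a DN: two or more comma-separated attr=value RDNs.
DN_RE = re.compile(r"^[A-Za-z][\w.-]*=[^,]+(,[A-Za-z][\w.-]*=[^,]+)+$")

def parse_ldif(text):
    """Parse simple LDIF (no folded or base64 lines) into attr -> [values] dicts."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if not line.startswith("#") and ": " in line:
                attr, value = line.split(": ", 1)
                entry.setdefault(attr.lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def audit(partitions, ldif_text):
    """Return (access, findings): partition -> member DNs, and a list of problems."""
    groups = {e["cn"][0]: e for e in parse_ldif(ldif_text) if "cn" in e}
    access, findings = {}, []
    for part in partitions:
        group = groups.get(part)  # assumption: group cn equals the partition name
        if group is None:
            findings.append(f"{part}: no group with a matching name")
        elif "groupofnames" not in [c.lower() for c in group.get("objectclass", [])]:
            findings.append(f"{part}: group is not of type groupOfNames")
        else:
            members = group.get("member", [])
            bad = [m for m in members if not DN_RE.match(m)]
            access[part] = [m for m in members if m not in bad]
            findings += [f"{part}: member {m!r} is not a DN" for m in bad]
    return access, findings
```

Calling audit(PARTITIONS, SAMPLE_LDIF) returns the per-partition member list alongside the findings, so the same output serves as an access review of which LDAP users will reach which partition.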

Modifying the Library Configuration