Overview, Using ldap as the primary authentication method, Requirements for ldap users and groups – HP StoreAll Storage User Manual
Page 64: Configuring ldap for storeall software
6 Configuring authentication for SMB, FTP, and HTTP
Overview
StoreAll software supports several services for authenticating users accessing shares on StoreAll
file systems:
•
Active Directory: Active Directory has an ID mapping submode, which can be configured as
a secondary lookup.
•
LDAP
•
Local Users and Groups
Local Users and Groups can be used with Active Directory or LDAP.
NOTE:
As of StoreAll version 6.5, Active Directory and LDAP can be used together.
You can configure authentication from the GUI or CLI. When you configure authentication with
the GUI, the selected authentication services are configured on all servers. The CLI commands
allow you to configure authentication differently on different servers.
Using LDAP as the primary authentication method
Requirements for LDAP users and groups
StoreAll supports only OpenLDAP.
Configuring LDAP for StoreAll software
To configure LDAP, complete the following steps:
Where to find additional information.
General Description
Step
“Run the configuration script on the remote LDAP
server” (page 64)
IMPORTANT:
Before running the steps in this table,
confirm that:
•
LdapConfigurationOU and LdapWriteDN have
been provisioned on the remote LDAP server.
•
LdapConfigurationOU is readable and writeable
using LdapWriteDN credentials.
Run the configuration script on locally from a StoreAll
node to update the remote LDAP server.
1
“Update the template on the remote LDAP server”
(page 65)
Update a configuration file template that ships as
part of the StoreAll LDAP software. This updated
2
configuration file is then passed to a configuration
utility, which uses LDAP commands to modify the
remote enterprise's OpenLDAP server.
•
StoreAll Management Console (recommended):
“Configuring authentication from the StoreAll
Management Console” (page 68)
Configure LDAP authentication on all the cluster
nodes by using Fusion Manager.
You can configure LDAP authentication from the
StoreAll Management Console (recommended), or
by using the ibrix_ldapconfig command.
3
Run the configuration script on the remote LDAP server
The StoreAll gen_ldap-lwtools.sh script performs the configuration based on the copy of the
chosen schema template (ldap-conf.conf in the examples). Run the following command to
validate your changes (dry run):
64
Configuring authentication for SMB, FTP, and HTTP