beautypg.com

Overview, Using ldap as the primary authentication method, Requirements for ldap users and groups – HP StoreAll Storage User Manual

Page 64: Configuring ldap for storeall software

background image

6 Configuring authentication for SMB, FTP, and HTTP

Overview

StoreAll software supports several services for authenticating users accessing shares on StoreAll
file systems:

Active Directory: Active Directory has an ID mapping submode, which can be configured as
a secondary lookup.

LDAP

Local Users and Groups

Local Users and Groups can be used with Active Directory or LDAP.

NOTE:

As of StoreAll version 6.5, Active Directory and LDAP can be used together.

You can configure authentication from the GUI or CLI. When you configure authentication with
the GUI, the selected authentication services are configured on all servers. The CLI commands
allow you to configure authentication differently on different servers.

Using LDAP as the primary authentication method

Requirements for LDAP users and groups

StoreAll supports only OpenLDAP.

Configuring LDAP for StoreAll software

To configure LDAP, complete the following steps:

Where to find additional information.

General Description

Step

“Run the configuration script on the remote LDAP
server” (page 64)

IMPORTANT:

Before running the steps in this table,

confirm that:

LdapConfigurationOU and LdapWriteDN have
been provisioned on the remote LDAP server.

LdapConfigurationOU is readable and writeable
using LdapWriteDN credentials.

Run the configuration script on locally from a StoreAll
node to update the remote LDAP server.

1

“Update the template on the remote LDAP server”
(page 65)

Update a configuration file template that ships as
part of the StoreAll LDAP software. This updated

2

configuration file is then passed to a configuration
utility, which uses LDAP commands to modify the
remote enterprise's OpenLDAP server.

StoreAll Management Console (recommended):

“Configuring authentication from the StoreAll
Management Console” (page 68)

Configure LDAP authentication on all the cluster
nodes by using Fusion Manager.

You can configure LDAP authentication from the
StoreAll Management Console (recommended), or
by using the ibrix_ldapconfig command.

3

Run the configuration script on the remote LDAP server

The StoreAll gen_ldap-lwtools.sh script performs the configuration based on the copy of the
chosen schema template (ldap-conf.conf in the examples). Run the following command to
validate your changes (dry run):

64

Configuring authentication for SMB, FTP, and HTTP