HP 3PAR Command Line Interface Administrator's Manual: HP 3PAR OS 3.1.2 (QR482-96525, September 2013)

ManualsBrandsHP ManualsStorageHP 3PAR StoreServ 10400 32GB Control/64GB Data Cache Rack Configuration Base

3. Issue the checkpassword command to verify that the users have the roles you assigned for

the desired groups. Use a member of a specific group to verify the role.

Example:

system1 cli% setauthparam -f super-map software

system1 cli% setauthparam -f edit-map engineering

system1 cli% setauthparam -f browse-map hardware

In the example above:

• Users belonging to the software group are configured to have Super rights within the

system.

• Users belonging to the engineering group are configured to have Edit rights within

the system.

• Users belonging to the hardware group are configured to have Browse rights within the

system.

system1 cli% checkpassword 3paruser

password:

+ attempting authentication and authorization using system-local data

+ authentication denied: unknown username

+ attempting authentication and authorization using LDAP

+ connecting to LDAP server using URI: ldaps://192.168.10.13

+ simple bind to LDAP user 3paruser for DN

uid=3paruser,ou=people,dc=ldaptest,dc=3par,dc=com

+ searching LDAP using:

search base: ou=people,dc=ldaptest,dc=3par,dc=com

filter: (&(objectClass=posixAccount)(uid=3paruser))

for attributes: gidNumber

+ search result DN: uid=3paruser,ou=people,dc=ldaptest,dc=3par,dc=com

+ search result: gidNumber: 2345

+ searching LDAP using:

search base: ou=groups,dc=ldaptest,dc=3par,dc=com

filter:

(&(objectClass=posixGroup)(|(gidNumber=2345)(memberUid=3paruser)))

for attributes: cn

+ search result DN: cn=software,ou=groups,dc=ldaptest,dc=3par,dc=com

+ search result: cn: software

+ search result DN: cn=engineering,ou=groups,dc=ldaptest,dc=3par,dc=com

+ search result: cn: engineering

+ search result DN: cn=hardware,ou=groups,dc=ldaptest,dc=3par,dc=com

+ search result: cn: hardware

+ mapping rule: super mapped to by software

+ rule match: super mapped to by software

+ mapping rule: edit mapped to by engineering

+ rule match: edit mapped to by engineering

+ mapping rule: browse mapped to by hardware

+ rule match: browse mapped to by hardware

user 3paruser is authenticated and authorized

In the example above:

• User 3PARuser is found to be a member of the software group and is assigned Super

rights within the system.

• Although 3PARuser is also a member of the engineering and hardware groups, the

Super rights associated with the Software group supersede the Edit and Browse rights

associated with the engineering and software groups.

• The mapping rules set for 3PARuser are applied to all members of the software,

engineering, and hardware groups; all software group members have Super

Configuring LDAP Connections 37