Note: When defining the ‘Kerberos-Realm’ it must be entered in upper case. Target Search OU = “OU=Resources,OU=ITSVD,OU=EMEA,DC=vikernel,DC=com”Īuthorisation Group = “CN=3PARAdmins ,OU=Security,OU=EMEA,DC= vikernel,DC=com ”Īdministrator = CN=H\, viGareth,OU=Administrators, OU=Resources,OU=ITSVD,OU=EMEA,DC=vikernel,DC=com The FQDN name of the Domain Controller is: The IP address of the Domain Controller is: 172.16.12.1 The IP address of the StoreServ is : 172.16.20.1 The user viGareth.H has been added to the AD security group. To login to the StoreServ MC if the configured LDAP server has failed or the IP address has changed, you will need to login using a local account configured on the StoreServ and specify an alternative server.įor the purposes of this demonstration, the ‘3PARAdmins’ AD security group has been created, the AD DN name for this security group will be mapped to the StoreServ ‘super-map’ authorisation group. I would also recommend using the CLI as some of these attributes cannot be set using the user interface. Note: Presently there is no way of adding additional LDAP servers for redundancy, highlighting a single point of failure, something which will hopefully be addressed in new releases. Its important to know that the authorisation group ‘super-map’, identifies users in the defined group with super user privileges.Īdditional groups can be added to identify lower level access rights for operations performed on the StoreServ. The StoreServ uses RBAC (Roll Based Access Control) – which maps a user or group of users to an administrative role.
This will limit LDAP queries down to a particular Active Directory Organisational Unit, so you don’t have LDAP searches traversing your entire AD infrastructure. In this post I will describe how you can configure authentication via Active Directory, as well as limiting the LDAP search path used to resolve users. Securing Administrative Access to your HP 3PAR StoreServ