- Notes, cautions, and warnings
- PowerFlex LDAP
- PowerFlex authentication and user roles
- Command authorization
- Preparing PowerFlex nodes for use with LDAP
- Configuring LDAP authentication on the PowerFlex MDM
- Configuring LDAP authentication on the PowerFlex Gateway
- Configuring LDAP authorization on the LIA
Dell PowerFlex v3.6.x User Roles and LDAP Usage Technical Notes
Local versus LDAP users
Local users function differently than LDAP users in PowerFlex. Although the role names are similar for local and LDAP users, the authorization permissions for each user role are defined differently for native and LDAP authentication.
Native authentication uses the nested model, in which a more privileged role immediately grants access to the same set of authorized commands associated with a less-privileged role, For example, in the local domain, when a user is defined as Administrator, that user may execute any command associated with the lesser privileged roles (Configure and Monitor). An Administrator may add users due to the Administrator role, and in addition, may also perform configuration changes through the Configure role.
For an LDAP user, this is not the case. Instead, a segregated model is used for the roles, and a specific set of commands is associated with each role. An LDAP user defined as an Administrator is limited to Administrator operations, such as adding users, but is not able to invoke any BackendConfigure, FrontendConfigure, or Monitor commands. You must assign LDAP users to each role to grant access to its specific set of commands.
The Configure and Superuser roles do not exist at all for LDAP authentication.
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\