assign_ldap_groups_to_roles
Map LDAP groups to
PowerFlex system roles.
The LDAP service must be configured before using this command. Once you have mapped the roles, you can assign users in the Active Directory to the relevant LDAP groups.
NOTE: To enable LDAP users to use the
PowerFlex GUI or vSphere Plug-in, you must assign all LDAP groups the Monitor role.
Syntax
scli --assign_ldap_groups_to_roles (--ldap_service_id <LDAP_SERVICE_ID> | --ldap_service_name <LDAP_SERVICE_NAME> )
[--administrator_role_dn <LDAP_GROUP_DN> ]
[--security_role_dn <LDAP_GROUP_DN> ]
[--backend_config_role_dn <LDAP_GROUP_DN> ]
[--frontend_config_role_dn <LDAP_GROUP_DN> ]
[--monitor_role_dn <LDAP_GROUP_DN> ]
[--allow_overwrite ]
Parameters
--ldap_service_id
<LDAP_SERVICE_ID>
ID of the LDAP service
--ldap_service_name
<LDAP_SERVICE_NAME>
Name of the LDAP service
--administrator_role_dn
<LDAP_GROUP_DN>
LDAP group that has users with administration privileges
--security_role_dn
<LDAP_GROUP_DN>
LDAP group that has users with security privileges
--backend_config_role_dn
<LDAP_GROUP_DN>
LDAP group that has users with backend configuration privileges
--frontend_config_role_dn
<LDAP_GROUP_DN>
LDAP group that has users with frontend configuration privileges
--monitor_role_dn
<LDAP_GROUP_DN>
LDAP group that has users with monitoring privileges
--allow_overwrite
Overwrites the role's LDAP group
Example
scli --assign_ldap_groups_to_roles --ldap_service_id 0xAABBCCDDEEFF0011 --administrator_role_dn "CN=SIO_GRP_1,OU=SIO_OU_1,DC=ldaps,DC=ecme,DC=com" --monitor_role_dn "CN=SIO_GRP_2,OU=SIO_OU_1,DC=ldaps,DC=ecme,DC=com"