Dell PowerFlex v3.6.x User Roles and LDAP Usage Technical Notes

Configuration overview

This topic provides a high-level overview of the CLI commands and special considerations to take into account when configuring LDAP authentication on the MDM. For the specific command syntax, including command parameters, for your LDAP configuration, refer to the relevant tasks immediately following this topic.

Add the LDAP server as a service

Add the LDAP server as a service using the --add_ldap_service command.

Assign the LDAP groups to roles

After the LDAP service is configured, use the --assign_ldap_groups_to_roles command to map the LDAP groups to PowerFlex user roles. Assign an LDAP group to each PowerFlex role. The same LDAP group can be assigned to multiple roles. For an explanation of the different user roles, see PowerFlex authentication and user roles.

Take the following considerations into account when assigning groups to roles for LDAP authentication:

  • If you want LDAP users to be able to use the PowerFlex GUI or query the system, you must assign an LDAP group to the Monitor role.
  • An LDAP user defined as an Administrator is limited to Administrator operations, such as adding users, but cannot invoke any Configure commands. To overcome this limitation, assign an LDAP group to both the Administrator and Configure roles.
  • If the LDAP user will run NDU (non-disruptive upgrade), assign the user at a minimum to both the Monitor and BackendConfigure user roles.
NOTE: If an LDAP user role is changed, users must log out of PowerFlex and log back in with the updated permissions.
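
The three considerations above can be checked against a planned group-to-role mapping before it is applied. This Python check is an added example, not part of the Dell documentation or PowerFlex tooling; the group names, the sample users and the exact-name membership match are assumptions made for illustration.

```python
# Added example: review a planned LDAP group -> PowerFlex role mapping.
# Role names come from the page; group names and users are constructed.

PLAN = {  # role -> LDAP groups assigned to it (constructed sample data)
    "Monitor": ["pflex-monitor", "pflex-ops"],
    "Administrator": ["pflex-admins"],
    "Configure": ["pflex-ops"],
    "BackendConfigure": ["pflex-upgrade"],
}

def effective_roles(user_groups, role_to_groups):
    """Roles a user receives: each role that has one of the user's groups.

    Assumption: membership is matched by exact group name. On a real system
    the MDM resolves membership against the LDAP server.
    """
    member_of = set(user_groups)
    return {role for role, groups in role_to_groups.items()
            if member_of & set(groups)}

def lint_user(user_groups, role_to_groups, runs_ndu=False):
    """Return (sorted roles, findings) for one user under the planned mapping."""
    roles = effective_roles(user_groups, role_to_groups)
    findings = []
    if not roles:
        findings.append("no PowerFlex role is reachable through these groups")
        return [], findings
    if "Monitor" not in roles:
        findings.append("no Monitor role: cannot use the GUI or query the system")
    if "Administrator" in roles and "Configure" not in roles:
        findings.append("Administrator without Configure: limited to "
                        "Administrator operations such as adding users")
    if runs_ndu and not {"Monitor", "BackendConfigure"} <= roles:
        findings.append("NDU needs both Monitor and BackendConfigure")
    return sorted(roles), findings

if __name__ == "__main__":
    users = {  # user -> (LDAP groups, will run NDU); constructed sample data
        "alice": (["pflex-admins"], False),
        "bob": (["pflex-ops"], True),
        "carol": (["pflex-upgrade", "pflex-monitor"], True),
    }
    for name, (groups, ndu) in users.items():
        roles, findings = lint_user(groups, PLAN, runs_ndu=ndu)
        print(f"{name}: roles={roles}")
        for finding in findings:
            print(f"  - {finding}")
```

A finding is a prompt to review the mapping, not necessarily an error: an Administrator-only account may be intentional where the security policy separates user management from configuration.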

Set the user authentication method

After the LDAP service is set and groups are assigned, use the --set_user_authentication_method command to specify the authentication method with which PowerFlex will authenticate the users.

You may restrict users to only the local domain (native authentication) or to LDAP authentication only, or you can configure the MDM to allow both types of users. This decision should be made at the discretion of the system administrator, and is usually dictated by the security policy of the organization.

NOTE: After the authentication method is set exclusively to LDAP, it cannot easily be changed back to native authentication. If the LDAP server cannot be reached and the authentication method must be changed back to native, see the "Reset the admin user password" procedure described in Configure and Customize Dell PowerFlex.

Log in to the system

After configuring the system parameters, you may log in to the system using the scli --login command.

When logging in as a local user, the command must include a user name. When using LDAP, the command should also include the relevant LDAP domain and the LDAP authentication parameter.

Example for local login using native authentication:

scli --login --username JohnDoe

Example for LDAP login:

scli --login --username JohnDoe@example.ldaps.local --ldap_authentication

Verify the configuration

The --query_user_authentication_properties command returns the configuration so you can confirm that the configuration is correct.

