- Notes, cautions, and warnings
- PowerFlex LDAP
- PowerFlex authentication and user roles
- Command authorization
- Preparing PowerFlex nodes for use with LDAP
- Configuring LDAP authentication on the PowerFlex MDM
- Configuring LDAP authentication on the PowerFlex Gateway
- Configuring LDAP authorization on the LIA
Dell PowerFlex v3.6.x User Roles and LDAP Usage Technical Notes
Configure LDAP authentication on an MDM node
Use the following procedure to configure LDAP authentication using the PowerFlex CLI (SCLI). The actual command syntax should match your system's environment.
About this task
For instructions on accessing the CLI and a detailed explanation of the commands and their parameters, see CLI command details.
Steps
-
Add the LDAP service to the MDM:
scli --add_ldap_service --ldap_service_uri <URI> --ldap_base_dn <LDAP_DN> [--ldap_fqdn <FQDN>] [--ldap_service_name <LDAP_NAME>] [--username_dn_format <FORMAT>] [--search_filter_format <FORMAT>] [--authorizer_dn <USER_DN>] [--authorizer_password <PASSWORD>]
NOTE:Configuring multiple LDAP servers with the same base DN is not supported. -
Assign the LDAP groups to roles:
scli --assign_ldap_groups_to_roles (--ldap_service_id <LDAP_SERVICE_ID> | --ldap_service_name <LDAP_SERVICE_NAME>) [--administrator_role_dn <LDAP_GROUP_DN>] [--security_role_dn <LDAP_GROUP_DN>] [--backend_config_role_dn [--frontend_config_role_dn <LDAP_GROUP_DN>] [--monitor_role_dn <LDAP_GROUP_DN>] <LDAP_GROUP_DN>] [--allow_overwrite ]
NOTE:You can assign only one LDAP group to each role. -
Set the user authentication method:
scli --set_user_authentication_method (--ldap_authentication | --native_authentication | --native_and_ldap_authentication | allow_ldap_without_admin) [--i_am_sure]
-
Verify the configuration:
scli --query_user_authentication_properties
Ensure that the output matches your system environment and no errors are displayed. For example:------------------------------------------------------------ User authentication method: Native and LDAP System has 1 configured LDAP services ------------------------------------------------------------ LDAP service ID: 226521b800000000 LDAP service name: linux_ldap LDAP service URI: ldaps://server.ldap.com Users base DN: dc=ldap,dc=com FQDN: ldap.com User search filter: (&(objectClass=userSecurityInformation)(cn=[USER])(memberOf=[GROUP])) Username DN format: CN=[USER],OU=People,DC=ldap,DC=com LDAP service has 1 configured groups. Role: Administrator Group DN: cn=scaleio_QA,ou=People,dc=ldap,dc=com ------------------------------------------------------------
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\