Dell PowerFlex v3.6.x User Roles and LDAP Usage Technical Notes

Example of cross domain authentication

This example demonstrates the configuration performed in PowerFlex.

About this task

The example assumes that the user is defined in user_ldap_server. In addition, a group named powerflex_monitor_group is defined in group_ldap_server.

The following steps show how to enable access to PowerFlex systems for users in the user_ldap_server (e.g., John Doe) who are part of the powerflex_monitor_group defined in group_ldap_server.

Steps

  1. Add user_ldap_server as an LDAP service.

    For example:

    scli --add_ldap_service --ldap_service_uri "ldaps://server.ldap.com" --ldap_base_dn "dc=ldap,DC=com" --ldap_service_name "example_ldap" --username_dn_format "CN=[USER],OU=People,DC=ldap,DC=com" --search_filter_format "(&(objectClass=userSecurityInformation)(cn=[USER])(memberOf=[GROUP]))"

    NOTE: Configuring multiple LDAP servers with the same base DN is not supported.

    Output similar to the following should appear:

    Successfully added an LDAP service.  Object ID fe97b19a00000000 with Name: linux_ldap, URI: ldaps://server.ldap.com and base DN: dc=ldap,DC=com
    
  2. Assign the powerflex_monitor_group group to the Monitor role:
    scli --assign_ldap_groups_to_roles --ldap_service_name "example_ldap" --monitor_role_dn "CN=powerflex_monitor_group,OU=powerflex_ou,DC=group_ldap_server,DC=example,DC=com"

    The following output should appear:

    Assignment of roles to LDAP groups completed successfully
  3. Check the settings:
    scli --query_user_authentication_properties

    Output similar to the following should appear:

    ------------------------------------------------------------
    System has 1 configured LDAP services 
    ------------------------------------------------------------
    LDAP service ID: fe97b19a00000000
    LDAP service name: example_ldap
    LDAP service URI: ldaps://server.ldap.com
    Users base DN: dc=ldap,DC=com
    LDAP service has 1 configured groups.
    Role: Monitor
    Group DN: CN=powerflex_monitor_group,OU=powerflex_ou,DC=group_ldap_server,DC=example,DC=com
    ------------------------------------------------------------
    
  4. Set the authentication method:
    scli --set_user_authentication_method --native_and_ldap_authentication

    The following output should appear:

    Authentication method changed successfully
  5. Log in using the desired user name and the assigned authentication mode for the user:
    scli --login --username "JohnDoe@example.ldaps.local" --password <password> --ldap_authentication

    Output similar to the following should appear:

    Logged in. User role is Monitor. System ID is 31bf07056dd2f5d7
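
A check that can follow step 3, as an added example that is not part of Dell's documentation: it parses the output of scli --query_user_authentication_properties and reports any LDAP service URI that is not ldaps:// and any role-to-group mapping other than the one you expect. The helper names audit_ldap_config and sample_output are hypothetical, the parser assumes the output layout shown in step 3, and DNs are assumed to compare case-insensitively.

```shell
#!/bin/sh
# Added example (not Dell code): audit the role mappings and transport reported
# by `scli --query_user_authentication_properties`.

# Sample input copied from the output shown in step 3 of this page.
sample_output() {
cat <<'EOF'
------------------------------------------------------------
System has 1 configured LDAP services
------------------------------------------------------------
LDAP service ID: fe97b19a00000000
LDAP service name: example_ldap
LDAP service URI: ldaps://server.ldap.com
Users base DN: dc=ldap,DC=com
LDAP service has 1 configured groups.
    Role: Monitor
Group DN: CN=powerflex_monitor_group,OU=powerflex_ou,DC=group_ldap_server,DC=example,DC=com
------------------------------------------------------------
EOF
}

# audit_ldap_config ROLE GROUP_DN   (hypothetical helper; query output on stdin)
# Prints one FINDING line per problem; exit status 0 = clean, 1 = findings.
audit_ldap_config() {
  WANT_ROLE=$1 WANT_DN=$2 awk '
    function val(s) { sub(/^[^:]*:/, "", s); gsub(/^[ \t]+|[ \t\r]+$/, "", s); return s }
    /LDAP service name:/ { name = val($0); next }
    /LDAP service URI:/ {
      uri = val($0)                       # flag any transport other than LDAP over TLS
      if (tolower(uri) !~ /^ldaps:\/\//) { print "FINDING: " name " uses non-TLS URI " uri; bad = 1 }
      next
    }
    /Role:/ { role = val($0); next }
    /Group DN:/ {
      dn = val($0)                        # assumption: DNs compare case-insensitively
      if (role == ENVIRON["WANT_ROLE"] && tolower(dn) == tolower(ENVIRON["WANT_DN"])) found = 1
      else { print "FINDING: unexpected mapping " role " -> " dn; bad = 1 }
      next
    }
    END {
      if (!found) { print "FINDING: no " ENVIRON["WANT_ROLE"] " mapping for " ENVIRON["WANT_DN"]; bad = 1 }
      exit bad + 0
    }'
}

# On an MDM host, pipe the real scli query output in place of sample_output.
sample_output | audit_ldap_config Monitor \
  "CN=powerflex_monitor_group,OU=powerflex_ou,DC=group_ldap_server,DC=example,DC=com" \
  && echo "LDAP configuration matches the expected Monitor mapping"
```

Any mapping other than the expected role and group DN is reported, so a role grant that nobody reviewed shows up as a finding.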
