Dell PowerFlex v3.6.x User Roles and LDAP Usage Technical Notes

You can save the properties for up to eight LDAP servers. When adding multiple LDAP servers, ensure that the list for each parameter in the reset_ldap_properties command contains the same number of entries. Separate between entries in each list with an ";".

Syntax

FOSGWTool.sh  --reset_ldap_properties [--server_url_list <URL_LIST> --base_dn_list <BASE_DN_LIST> --group_name_list <GROUP_NAME_LIST> [--dn_format_list <DN_FORMAT_LIST>] [--filter_list <FILTER_LIST>] [--authorizer_dn_list <AUTHORIZER_DN_LIST>] [--authorizer_password_list <AUTHORIZER_PASSWORD_LIST>] [--create_default_lockbox]

Parameters

--server_url_list<URL>

(Mandatory.) List of LDAP server URLs:

<ldap-schema>://<ldap-hostname>: <port-number>

Where:

<ldap-schema>

Defines the connection protocol:

• LDAPS for secure connection (recommended) , or
• LDAP for non-secured TCP connection

<ldap-hostname>

LDAP hostname

<port-number>

LDAP service port (optional)

Example: ldaps://win12r2-dc.ldaps.local;ldap://win08r2-dc.ldap.local

--base_dn_list <BASE_DN>

(Mandatory.) List of base Distinguished Names (DN) of users in domains.

NOTE:On Active Directory Windows servers, use the dsquery tool to find LDAP Base DN information. To see available options, in the command line type dsquery /?

On Linux servers, from the command line, use ldapsearch. (Ldapsearch may need to be installed.)

--group_name_list <GROUP_NAME>

(Mandatory.) List of LDAP groups that contain users with administration privileges

--dn_format_list <FORMAT>

(Optional.) List of DN (Distinguished Names) formats. Relevant only for Linux servers. If not defined, default is used.

--filter_list <FILTER>

(Optional.) List of filters (Distinguished Names). Relevant only for Linux servers. If not defined, default is used.

--authorizer_dn_list <USER_DN>

(Optional.) List of user DNs that are authorized to perform an LDAP server search

--authorizer_password_list <PASSWORD>

(Mandatory if --authorizer_dn_list is define.) List of passwords corresponding to the list of Authorizer DNs. Because list items are separated with a semi-colon (;), passwords cannot contain the ";" character.

--i_am_sure

Gives preemptive approval to the command

--create_default_lockbox

Creates a lockbox with a random passphrase if one doesn't already exist

Single LDAP server example

FOSGWTool.sh --reset_ldap_properties --server_url_list "ldap://server.ldap.com" --base_dn_list "dc=ldap,dc=com" --group_name_list "cn=scaleio_QA,ou=People,dc=ldap,dc=com" --dn_format_list "CN=<USER>,OU=People,DC=ldap,DC=com" --filter_list "(&(objectClass=*)(cn=<USER>)(memberOf=<GROUP>))

Multiple LDAPS server examples

FOSGWTool.sh  --reset_ldap_properties --i_am_sure --server_url_list "ldap://win12r2-dc.ldaps.local;ldap://server.ldap.com" --base_dn_list "DC=ldaps,DC=local;dc=ldap,dc=com" --group_name_list "CN=SIO_GRP_1,OU=SIO_OU_1,DC=ldaps,DC=local;cn=scaleio_QA,ou=People,dc=ldap,dc=com" --dn_format_list ";CN=<USER>,OU=People,DC=ldap,DC=com" --filter_list ";(&(objectClass=*)(cn=<USER>)(memberOf=<GROUP>))

When adding multiple LDAP servers, ensure that the list for each parameter in the --reset_ldap_properties command is the same length. Items in lists should be separated with a ";".