- Notes, cautions, and warnings
- Preface
- Introduction
- Access Control
- Access control settings
- Security for management access
- Authentication
- Authorization
- Component access controls
- Data security settings
- Password policy
- Physical security controls
- Login banner and message of the day
- Logging
- Communication Security
- Communication security settings
- Port usage
- Ports used by Unisphere components on VNX for block
- How VNX for file works on the network
- Network encryption
- Management support for TLS communications on VNX2 systems
- SSL certificates
- Planning considerations for Public Key Infrastructure on VNX for file
- IP packet reflect on VNX for file systems
- Effect of filtering management network
- vSphere Storage API for Storage Awareness (VASA) support
- Special configurations
- Secure Remote Procedure Call
- Other security considerations
- Data Security Settings
- Data at Rest Encryption overview
- Data at Rest Encryption feature activation
- Encryption status
- Backup keystore file
- Data in place upgrade
- Hot spare operations
- Adding a disk drive to a VNX with encryption activated
- Removing a disk drive from a VNX with encryption enabled
- Replacing a chassis and SPs from a VNX with encryption enabled
- Security Maintenance
- Advanced Management Capabilities
- Secure deployment and usage settings
- TLS cipher suites
- LDAP-based directory server configuration
- VNX for file CLI role-based access
- VNX for file CLI security configuration operations
- Configuring password policy
- Configuring session timeout
- Protect session tokens
- Configuring network encryption and authentication using the SSL protocol
- Configuring PKI
- Creating the certificate provided by the persona
- Using the Control Station as the CA
- Obtaining CA certificates
- Generate a key set and certificate request
- Send the certificate request to the CA
- Import a CA-signed certificate
- List the available CA certificates
- Acquire a CA certificate
- Import a CA certificate
- Generate a new Control Station CA certificate
- Display the certificate
- Distribute the Control Station CA certificate
- Request and Install Customer-Supplied Certificates for Control Station
- Managing PKI
- Customize a login banner
- Create a MOTD
- Restrict anonymous root login
- Locking accounts after a specific number of failed logins
- VNX for block SSL certificate import
EMC® VNX® Series Security Configuration Guide for VNX
Ldap Admin
Unlike Active Directory, other LDAP-based directory servers do not typically ship with a GUI management interface. In this case you might use a tool like Ldap Admin to find the proper search paths on LDAP servers. The free Ldap Admin tool (a Windows LDAP manager available from ldapadmin.sourceforge.net) lets you browse, search, modify, create, and delete objects on a LDAP server. Ldap Admin’s copy-to-clipboard functionality is especially useful for easily transferring values into the Unisphere Settings > Security (task list) > Manage LDAP Domain fields.
About this task
Information required to connect to a Customized Active Directory or Other Directory LDAP-based directory server lists the information you need for a successful connection to a customized Active Directory or other LDAP-based directory server such as OpenLDAP.
| Required connection information | Your values |
|---|---|
| Fully-qualified domain name (also known as the base distinguished name) | |
| Primary directory server IP address or hostname | |
| Secondary directory server IP address or hostname | |
| Distinguished name (also known as the bind distinguished name) | |
| User search path | |
| User name attribute | |
| Group search path | |
| Group name attribute | |
| Group class | |
| Group member |
Steps
- Start Ldap Admin and create a new connection. Click Test connection to verify the connection.
- Open the connection to the LDAP server, right-click the domain name, and then select Search from the menu.
- Identify an LDAP user who will be a VNX for file user. To locate the user profile, type the user’s name in the Name field and click Start.
- Right-click the appropriate user from the results list, and then select Go to from the menu. You will use this user to determine the user and group search paths. Close the Search window.
- On the main Ldap Admin window, notice that the status bar contains the distinguished name (DN) of the folder in which the user is located. Many LDAP servers follow the convention outlined in RFC2307 and put users in a People container.
- Right-click the folder, and then select Copy dn to clipboard from the menu.
- In the unisphere Manage LDAP Domain view, select the Other Directory Servers option. Paste the DN value in the User Search Path field.
-
Verify that all other VNX for file users use the same path by:
- Repeating the Search for all VNX for file user accounts
or
- Navigating to that area of the directory in Ldap Admin, and locating all VNX for file user accounts
- Repeating the Search for all VNX for file user accounts
- Repeat steps 2 through 8 to search on a group name to find the path to the container in the directory structure where the groups are located. When you search by group name, you have to use an advanced search and supply a search filter in the form cn=<group name>. Once the search is complete, right-click the appropriate group from the results list, and then select Go to from the menu.
-
The LDAP user and group search begins with the path specified, and searches that container and all containers below it. If VNX for file users and groups are not located within the same container or organizational unit, you must use the intersection (common parts) of their collective paths when you specify the user and group search paths. In some cases, this may need to be the root of the domain. For example, assume that VNX for file users are stored in the following two Active Directory locations:
- Path 1: OU=People,DC=openldap-eng,DC=local
- Path 2: OU=VNX Users,OU=EMC VNX, DC=openldap-eng,DC=local
In order for VNX for file to find all users, you need to use the intersection of the two paths as your search path, that is, the domain root DC=openldap-eng,DC=local.
- Use the Search window to locate the user account you will use to connect the VNX for file Control Station to the directory. Right-click the account name, and then select Copy dn to clipboard. Paste the DN value in the Distinguished Name field in the Unisphere Manage LDAP Domain view, for example uid=vnx,ou=People.
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\