The SAN File System administrative agent relies on your LDAP installation to authenticate and authorize each administrative operation based on your authentication model. This support requires that the LDAP service be readily available when an administrator command is issued. If the LDAP service cannot be reached, the administrative operation fails with an authentication error. Therefore, you need to ensure that your LDAP service has high availability.
Before SAN File System can use LDAP to authenticate its administrators, you must configure the LDAP server. In general, this configuration requires that you provide the following types of information:
You define these four roles in the LDIF file. You can change the default values of these roles to values that are unique to your organization.
You can use the worksheet in Table 1 to compile this information. You also need to import an LDIF file.
Description | Example value | Your value |
---|---|---|
IP address | 9.42.164.125 | |
Port numbers | 389 insecure; 636 secure | |
Authorized LDAP user name | cn=root | |
Authorized LDAP password | secret (default for IBM® Directory Server) | |
Attribute containing login user ID | uid for IBM Directory Server and OpenLDAP; sAMAccountName for MS Active Directory | |
Role parent DN | dn: ou=Roles, o=yourOrg objectclass: organizationalUnit | |
Attribute containing role name | cn | |
Attribute for role occupants | roleOccupant for IBM Directory Server and OpenLDAP; description for Microsoft® Active Directory | |
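
The following Python pre-flight check is an added example, not part of the original SAN File System documentation. It lints a filled-in Table 1 worksheet against the role LDIF before import. The role names RoleA and RoleB, the user cn=alice, the organizationalRole object class, the dictionary keys and the function names are assumptions chosen for illustration.

```python
# Added example: lint the Table 1 worksheet against the role LDIF before import.
# Sample values are constructed; RoleA, RoleB and cn=alice are hypothetical names.
SAMPLE_WORKSHEET = {"port": 389, "bind_password": "secret",
                    "role_parent_dn": "ou=Roles, o=yourOrg",
                    "role_name_attr": "cn", "role_occupant_attr": "roleOccupant"}
SAMPLE_LDIF = """\
dn: ou=Roles,o=yourOrg
objectclass: organizationalUnit

dn: cn=RoleA,ou=Roles,o=yourOrg
objectclass: organizationalRole
cn: RoleA
roleOccupant: cn=alice,ou=Users,o=yourOrg

dn: cn=RoleB,ou=Roles,o=yourOrg
objectclass: organizationalRole
cn: RoleB
"""

def parse_ldif(text):  # simple LDIF only: no folded lines, no base64 values
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in filter(str.strip, block.splitlines()):
            key, _, value = line.partition(":")
            entry.setdefault(key.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return [e for e in entries if "dn" in e]

def norm_dn(dn):  # lower-case, drop spaces around commas; no escaped commas
    return ",".join(part.strip().lower() for part in dn.split(","))

def lint(ws, ldif_text):
    findings = []
    if ws["port"] == 389:
        findings.append("port 389 is the insecure port; use 636")
    if ws["bind_password"] == "secret":
        findings.append("bind password is the documented default")
    parent, entries = norm_dn(ws["role_parent_dn"]), parse_ldif(ldif_text)
    if not any(norm_dn(e["dn"][0]) == parent for e in entries):
        findings.append("role parent DN not found in LDIF")
    roles = [e for e in entries if norm_dn(e["dn"][0]).endswith("," + parent)]
    for e in roles:
        for attr in (ws["role_name_attr"], ws["role_occupant_attr"]):
            if not any(e.get(attr.lower(), [])):
                findings.append(f"{e['dn'][0]}: missing {attr}")
    if len(roles) != 4:
        findings.append(f"expected 4 role entries, found {len(roles)}")
    return findings
```

Calling lint(SAMPLE_WORKSHEET, SAMPLE_LDIF) returns one finding per problem; an empty list means the worksheet and LDIF are consistent with each other.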
LDIF file
LDAP configurations are specified in a format known as LDAP Data Interchange Format (LDIF).
Configuring LDAP using IBM Directory Server Version 5.1
This topic lists the overall steps that must be performed when configuring an LDAP server using IBM Directory Server Version 5.1 with SAN File System.
Configuring LDAP using OpenLDAP
This topic lists the overall steps that are required when configuring an LDAP server using OpenLDAP.
Configuring LDAP using Microsoft Active Directory LDAP
These instructions illustrate a simple method of configuring Active Directory to be used as the LDAP architecture for SAN File System. You can use these instructions either to get Active Directory running to support SAN File System or to understand one way to configure SAN File System to work with your Active Directory environment.