Validating the Active Directory and SAN File System configurations

This topic explains how to validate that the Active Directory and SAN File System configurations are set correctly.

Prerequisites

You must complete the steps in Installing Active Directory, Configuring Active Directory, and Configuring SAN File System to use Active Directory before completing this procedure.

Context

In the SAN File System administrative CLI (tanktool), the lsadmuser command lists the Active Directory contents relevant to SAN File System that the Administrative agent found. Compare this listing to the roles and authorized users that you have entered.

Steps

  1. Run the following command:
    ldapsearch -h ldap://LDAP_SERVER/ -w "password" \
    -D "LDAP_USER" -x -b "LDAP_BASEDN_ROLES" '(objectclass=group)'
    On the SAN File System engine, this command uses the LDAP_USER login as described earlier to list all group objects on the domain server, LDAP_SERVER, that match the LDAP_BASEDN_ROLES object. Based on our example, the command might be:
    ldapsearch -h ldap://128.47.79.140/ -w "password" \
    -D "cn=LDAP_Admin,cn=Users,dc=sanfsdom,dc=net" \
    -x -b "cn=Users,dc=sanfsdom,dc=net" '(objectclass=group)'
    Here is an example of the output of the command with the details of other groups removed:
    CN=SANFS_Admins,CN=Users,DC=sanfsdom,DC=net
    member=CN=newuser1,CN=Users,DC=sanfsdom,DC=net
    member=CN=IFTEST_USER,CN=Users,DC=sanfsdom,DC=net
    member=CN=stuser,CN=Users,DC=sanfsdom,DC=net
    member=CN=root,CN=Users,DC=sanfsdom,DC=net
    info=This global security group designates users who have SANFS Administrator authorization.
    cn=SANFS_Admins
    description=Administrator
    groupType=-2147483646
    instanceType=4
    distinguishedName=CN=SANFS_Admins,CN=Users,DC=sanfsdom,DC=net
    objectCategory=CN=Group,CN=Schema,CN=Configuration,DC=sanfsdom,DC=net
    objectClass=top
    objectClass=group
    objectGUID=NOT ASCII
    objectSid=NOT ASCII
    name=SANFS_Admins
    sAMAccountName=SANFS_Admins
    sAMAccountType=268435456
    uSNChanged=2756
    uSNCreated=2744
    whenChanged=20031106013743.0Z
    whenCreated=20031106005502.0Z
    CN=SANFS_Operators,CN=Users,DC=sanfsdom,DC=net
    cn=SANFS_Operators
    groupType=-2147483646
    instanceType=4
    distinguishedName=CN=SANFS_Operators,CN=Users,DC=sanfsdom,DC=net
    objectCategory=CN=Group,CN=Schema,CN=Configuration,DC=sanfsdom,DC=net
    objectClass=top
    objectClass=group
    objectGUID=NOT ASCII
    objectSid=NOT ASCII
    name=SANFS_Operators
    sAMAccountName=SANFS_Operators
    sAMAccountType=268435456
    uSNChanged=2787
    uSNCreated=2785
    whenChanged=20031106145326.0Z
    whenCreated=20031106145326.0Z
  2. The '(objectclass=group)' suffix limits the output to Group objects only. Note the member relations shown for the SANFS_Admins group. The entry for SANFS_Operators, by contrast, does not show any members added. A similar command can be run to see the users in the Active Directory domain. The ldapsearch command without any parameters prints a usage statement describing all the command options.
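
The comparison of the listing against the roles and users you entered can be scripted. The following is an added example, not part of the IBM documentation: it parses output in the attribute=value format shown in step 1 and reports differences from an expected list. The function names, the "group:user" list format and the trimmed sample listing are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not IBM code. Function names and the "group:user" list
# format are assumptions made for this illustration.

# Constructed sample: the step 1 listing, trimmed to the relevant lines.
sample_output() {
cat <<'EOF'
CN=SANFS_Admins,CN=Users,DC=sanfsdom,DC=net
member=CN=newuser1,CN=Users,DC=sanfsdom,DC=net
member=CN=IFTEST_USER,CN=Users,DC=sanfsdom,DC=net
member=CN=stuser,CN=Users,DC=sanfsdom,DC=net
member=CN=root,CN=Users,DC=sanfsdom,DC=net
cn=SANFS_Admins
objectClass=group
CN=SANFS_Operators,CN=Users,DC=sanfsdom,DC=net
cn=SANFS_Operators
objectClass=group
EOF
}

# Read a listing on stdin; print "group:user" per member relation and
# "group:-" for a group with no members. Assumes CNs contain no commas.
list_members() {
  awk '
    function emit_empty() { if (group != "" && n == 0) print group ":-" }
    /^CN=[^,]+,/  { emit_empty(); split($0, rdn, ",")
                    group = substr(rdn[1], 4); n = 0; next }
    /^member=CN=/ { split(substr($0, 8), rdn, ",")
                    print group ":" substr(rdn[1], 4); n++ }
    END           { emit_empty() }
  '
}

# Compare the listing on stdin with the expected "group:user" file in $1.
# Prints UNEXPECTED/MISSING lines and returns 1 when the two differ.
audit_members() {
  actual=$(mktemp) && expected=$(mktemp) || return 2
  list_members | sort -u > "$actual"
  sort -u "$1" > "$expected"
  diffs=$(comm -23 "$actual" "$expected" | sed 's/^/UNEXPECTED /'
          comm -13 "$actual" "$expected" | sed 's/^/MISSING /')
  rm -f "$actual" "$expected"
  [ -z "$diffs" ] && return 0
  printf '%s\n' "$diffs"
  return 1
}

sample_output | list_members   # demo run on the constructed sample
```

To check a live directory, pipe the ldapsearch command from step 1 into audit_members and pass it a file that lists the roles and users you entered.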

Result

Active Directory is now set up and working correctly with SAN File System.

(C) Copyright IBM Corporation 2003, 2004. All Rights Reserved.
IBM TotalStorage SAN File System v2.2