3PAR LDAP Configuration


I have put together a little script (CLI) to setup LDAP/AD authentication for the 3PAR array. After the jump I have laid out all the commands. If you have any questions on using the script please post a comment. If not please use at your own risk. Note the first line of code clears out your current authentication configuration. The parts in bold are what you will need to change, everything else should remain the same in a standard Windows environment. Make sure your kerberos-realm matches AD (it is case sensitive). After you are done running the script with your personal settings you can check the results from the CLI by typing checkpassword <username> and enter your password in the prompt. The array will return the results for a successful LDAP lookup if the settings were entered correctly. Enjoy the script after the jump!

setauthparam -f -clearall

setauthparam -f ldap-server 192.168.1.100

setauthparam -f ldap-server-hn dc1.yourdomain.com

setauthparam -f kerberos-realm yourdomain.com

setauthparam -f binding sasl

setauthparam -f sasl-mechanism GSSAPI

setauthparam -f accounts-dn “OU=Users,DC=yourdomain,DC=com”

setauthparam -f account-obj user

setauthparam -f account-name-attr sAMAccountName

setauthparam -f memberof-attr memberOf

setauthparam -f super-map “CN=3PARadmingroup,OU=groups,DC=yourdomain,DC=com”

setauthparam -f browse-map “CN=3PARreadonlygroup,OU=groups,DC=yourdomain,DC=com”