+ search result DN: cn=hardware,ou=groups,dc=ldaptest,dc=3par,dc=com
+ search result:
+ mapping rule: super mapped to by software
+ rule match: super mapped to by software
+ mapping rule: edit mapped to by engineering
+ rule match: edit mapped to by engineering
+ mapping rule: browse mapped to by hardware
+ rule match: browse mapped to by hardware
user 3paruser is authenticated and authorized
The example above corresponds to
following hierarchy of groups:
◦
Engineering
◦
Software
◦
Eng
◦
Golfers
In this example, 3PARuser is not yet authenticated or authorized because 3PARuser's
group-to-role mapping has not been configured.
Configuring Group-to-Role Mapping Parameters
Once you have configured the group location parameters, you must now decide what role you
wish to assign the users for a given group. To configure group-to-role mapping:
1.
Issue the setauthparam <map-param> <map-value> command, where:
<map-param> is one of the following:
◦
◦
◦
◦
◦
◦
◦
◦
<map-value> is the group to which the user has membership. You can specify multiple
groups with multiple <map-value> arguments.
For Active Directory, the group is displayed as a string of information, as shown in the
following example:
CN=Software,CN=Users,DC=ACME,DC=com
NOTE:
as Authorization Groups.
2.
Repeat
Step 1
that user has membership.
26
Managing User Accounts and Connections
cn: hardware
super-map—provides Super user rights within the specified group.
service-map—provides Service user rights within the specified group.
edit-map—provides Edit user rights within the specified group.
browse-map—provides Browse user rights within the specified group.
create-map—provides Create user rights within the specified group.
basic_edit-map—provides Basic Edit user rights within the specified group.
3PAR_AO-map—provides 3PAR AO user rights within the specified group.
3PAR_RM-map—provides 3PAR RM user rights within the specified group.
The HP 3PAR Management Console (HP 3PAR MC) refers to <map-param> specifiers
above if you wish to assign users a different role for another group to which
Step
6, and shows that 3PARuser is a member of the