Managing Domain Authentication Server of a Storage System (Applicable to V300R006C50 and Later)
This section describes how to configure multiple domain authentication servers.
Context
- A storage system supports a maximum of four domain authentication servers.
- If the LDAPS protocol is selected, before configuring domain authentication servers 0, 1, 2, and 3, ensure that the CA certificates for the Domain authentication certificate, Domain authentication extension certificate 1, Domain authentication extension certificate 2, and Domain authentication extension certificate 3 scenarios have been imported to the storage system. For details about how to view the imported certificate file, see section "Managing the Security Certificate" in the Security Configuration Guide.
Procedure
For details about how to add a domain authentication server, see section "Configuring Domain Authentication for a Storage System" in the Installation Guide.
Follow-up Procedure
- For a domain user of domain authentication server 0:
  - The user can log in to DeviceManager of a storage system by typing domain or a combination of the dc fields in the domain authentication server's base DN in Domain Name.
  - The user can log in to the CLI of a storage system by typing domain/domain user name or a combination of the dc fields in the domain authentication server's base DN/domain user name.
- For a domain user of domain authentication servers 1, 2, and 3:
  - The user can log in to DeviceManager of a storage system only by typing a combination of the dc fields in the domain authentication server's base DN in Domain Name.
  - The user can log in to the CLI of a storage system only by typing a combination of the dc fields in the domain authentication server's base DN/domain user name.
- If the base DN of the domain authentication server contains only one dc field, the dc field is used as the combination of the dc fields in the domain authentication server's base DN.
  For example, if the base DN of the domain authentication server is ou=applications,dc=bigcorp, bigcorp is the combination of the dc fields in the domain authentication server's base DN.
- If the base DN of the domain authentication server contains multiple dc fields, they are combined and then separated by a period (.) to serve as the combination of the dc fields in the domain authentication server's base DN.
  For example, if the base DN of the domain authentication server is ou=applications,dc=bigcorp,dc=com, bigcorp.com is the combination of the dc fields in the domain authentication server's base DN.
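The dc-field rule and the per-server login forms above, worked through as an added example (not vendor code). The function names are hypothetical, and the example assumes that `dc` is matched case-insensitively, that escaped commas inside a value do not split the DN, and that `domain` is the literal prefix accepted for server 0.

```python
def split_unescaped(text, sep):
    """Split text on sep, ignoring separators escaped with a backslash."""
    parts, buf, i = [], [], 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            buf.append(text[i:i + 2])  # keep the escaped pair intact
            i += 2
            continue
        if ch == sep:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))
    return parts


def dc_combination(base_dn):
    """Return the dc fields of a base DN joined by periods, in DN order."""
    dcs = []
    for rdn in split_unescaped(base_dn, ","):
        for ava in split_unescaped(rdn, "+"):  # multi-valued RDNs
            attr, sep, value = ava.partition("=")
            if sep and attr.strip().lower() == "dc":  # assumption: case-insensitive
                dcs.append(value.strip())
    if not dcs:
        raise ValueError("base DN contains no dc field")
    return ".".join(dcs)


def cli_login_names(server_index, base_dn, user):
    """List the CLI login strings the page describes for a given server."""
    if server_index not in range(4):
        raise ValueError("only domain authentication servers 0-3 exist")
    names = [f"{dc_combination(base_dn)}/{user}"]
    if server_index == 0:
        # Assumption: "domain" is the literal prefix accepted for server 0 only.
        names.insert(0, f"domain/{user}")
    return names


if __name__ == "__main__":
    # Constructed sample input; "alice" is a made-up user name.
    for idx in (0, 2):
        print(idx, cli_login_names(idx, "ou=applications,dc=bigcorp,dc=com", "alice"))
```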