Installation Guide

OceanStor 5000, 5000F, 6000, and 6000F V5 Series V500R007

This document applies to OceanStor 5110 V5, 5110F V5, 5300 V5, 5300F V5, 5500 V5, 5500F V5, 5600 V5, 5600F V5, 5800 V5, 5800F V5, 6800 V5, and 6800F V5 storage systems. It describes hardware installation of these storage systems to help you complete the installation quickly and easily.

Adding a Storage System to a Domain (Applicable to V500R007C30)

Users are allowed to log in to a storage system in domain authentication mode after a domain server is configured. This section describes how to configure a domain server. A storage system supports four LDAP domains.

Prerequisites

The LDAP domain server or Windows AD domain server has been deployed.

Procedure

  1. Log in to DeviceManager.
  2. Choose Settings > Permission Settings > Domain Authentication Server Settings.
  3. Configure an LDAP server.

    1. Select the ID of the domain authentication server that you want to configure and click Properties.
      NOTE:

      If you select LDAP, go to 3.b (substep 2, Click Add). If you select LDAPS, ensure that the CA certificate file of the selected domain authentication server, as described below, has been imported into the storage system.

      • If you select domain authentication server 0, ensure that the storage system has the CA certificate of Domain authentication certificate.
      • If you select domain authentication server 1, ensure that the storage system has the CA certificate of Domain authentication extension certificate 1.
      • If you select domain authentication server 2, ensure that the storage system has the CA certificate of Domain authentication extension certificate 2.
      • If you select domain authentication server 3, ensure that the storage system has the CA certificate of Domain authentication extension certificate 3.

      For details, see "Managing the Security Certificate" in the Security Configuration Guide specific to your product.

    2. Click Add.

      The Add IP Address dialog box is displayed.

    3. In IP Address, enter the IP address of the LDAP server to be added.
    4. Click OK.

      The IP address is added to the IP Address list.

      NOTE:

      To remove an IP address, select the IP address from the IP Address list and click Remove.

    5. Set basic parameters of the LDAP server. Table 10-7 describes related parameters.

      Table 10-7 LDAP server parameters

      | Parameter | Description | Value |
      |---|---|---|
      | Port | Port number of a server. The default port number of the LDAP server is 389, and the default port number of the LDAPS server is 636. | [Value Range] The value ranges from 1 to 65535. [Example] 636 |
      | Server Type | Type of a server. Client hierarchy information is stored on an LDAP server. Users are authenticated by the LDAP server when they attempt to access shares. | [Value Range] The value can be Windows AD domain server or LDAP server. [Example] LDAP server |
      | Protocol | Encryption protocol. NOTE: Security risks arise if the protocol is set to LDAP. You are advised to select the LDAPS protocol. Before selecting the LDAPS protocol, import the CA certificate file for the LDAP domain server. | [Value Range] The value can be LDAP or LDAPS. [Example] LDAPS |
      | Base DN | Root directory of a server. Each entry stored in LDAP databases requires a unique identification. The unique identification of each entry in LDAP databases is called its Distinguished Name (DN). The top hierarchy in an LDAP directory tree is called the Base DN. | [Example] cn=My Application,ou=applications,dc=bigcorp,dc=com |
      | Bind DN | Name of a bind directory. The LDAP client initiates a connection request and attempts to establish a session with the LDAP server. This process is also known as binding. During binding, the client can specify the user that is used to access directory information on the server. To access content, you must search in this directory. | [Value Range] The default access account is an administrator account. If you use another account, ensure that it has permission to access the domain service of the LDAP server. An account name cannot contain any spaces. [Example] cn=My Application,ou=applications,dc=bigcorp,dc=com |
      | Bind Password | Password for accessing the bind directory. | [Value Range] It must contain 1 to 63 characters. [Example] password |
      | Confirm Bind Password | Confirm the password for accessing the bind directory. NOTE: Confirm Bind Password must be consistent with Bind Password. | [Example] password |
      | User Directory | Directory of a created domain user. NOTE: You can obtain the User Directory using the following methods: | [Example] ou=Users,dc=bigcorp,dc=com |
      | Group Directory | Directory of a created domain user group. | [Example] ou=Groups,dc=bigcorp,dc=com |

    6. Click Advanced and set advanced parameters of the LDAP server. Table 10-8 describes related parameters.

      Table 10-8 LDAP server advanced parameters

      | Parameter | Description | Value |
      |---|---|---|
      | User ID Properties | ID properties of a user. This parameter defines the ID of a storage user object and allows the query of a specific user based on the given ID. | [Example] uidNumber [Default] uidNumber (LDAP server); uSNCreated (AD server) |
      | User Name Properties | Name properties of a user. This parameter defines the name of a storage user object and allows the query of a specific user based on the given name. | [Example] uid [Default] uid (LDAP server); sAMAccountName (AD server) |
      | User Object Type | Type of a user object. Each entry under the LDAP directory is associated with one or more object types, including user, group, email, and maintenance terminal. | [Example] posixAccount [Default] posixAccount (LDAP server); user (AD server) |
      | Group ID Properties | ID property of a group. A group can be composed of many users. This parameter defines the ID of a storage group object and allows the query of a specific group based on the given ID. | [Example] gidNumber [Default] gidNumber (LDAP server); uSNCreated (AD server) |
      | Group Name Properties | Name property of a group. This parameter defines the name of a storage group object and allows the query of a specific group based on the given name. | [Example] cn [Default] gidNumber (LDAP server); sAMAccountName (AD server) |
      | Group Member Properties | Member property of a group. This parameter defines a member of a storage group. | [Example] uniqueMember [Default] uniqueMember (LDAP server); member (AD server) |
      | Group Object Type | Type of a group object. Each entry under the LDAP directory is associated with one or more object types, including user, group, email, and maintenance terminal. | [Example] groupOfUniqueNames [Default] groupOfUniqueNames (LDAP server); group (AD server) |

      NOTE:

      To restore a server to default settings, click Restore Default Settings.

  4. Confirm the operation.

    1. Click Save.

      The Execution Result dialog box is displayed, indicating that the operation succeeded.

    2. Click Close. You have completed the server settings.
    NOTE:

    After you have finished configuring the LDAP server on the storage system, users log in to the storage system using an LDAP user name or LDAP user group name. Therefore, you need to create that LDAP user name or LDAP user group name on the storage system.

  5. To add more domain servers, repeat step 3 and step 4.
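
A pre-flight check for the values entered in steps 3 and 4, added here as an example and not taken from Huawei's documentation: run from an admin host, it verifies that the LDAPS server's certificate chain validates against the CA file to be imported and that the bind account can resolve a user and a group with the sample attributes from Tables 10-7 and 10-8. The IP address, CA file path, function names, and filter shape are assumptions, and the openssl and OpenLDAP ldapsearch clients are assumed to be installed.

```shell
#!/bin/sh
# Added example: run from an admin host, not on the storage system.
# Every value below is a constructed placeholder or a sample from the tables.
LDAP_IP="192.0.2.10"            # IP Address field (placeholder)
LDAP_PORT=636                   # LDAPS default port
CA_FILE="./domain-ca.pem"       # CA certificate to be imported (placeholder)
BIND_DN="cn=My Application,ou=applications,dc=bigcorp,dc=com"
USER_DIR="ou=Users,dc=bigcorp,dc=com"
GROUP_DIR="ou=Groups,dc=bigcorp,dc=com"

# Escape RFC 4515 filter metacharacters so a name is matched literally.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Build "(&(objectClass=<type>)(<name attribute>=<name>))".
# Assumed filter shape; the page does not document the system's own query.
entry_filter() {    # $1 object type, $2 name attribute, $3 name
    printf '(&(objectClass=%s)(%s=%s))' "$1" "$2" "$(ldap_escape "$3")"
}

# 1. Does the server's chain verify against the CA file to be imported?
check_tls() {
    openssl s_client -connect "$LDAP_IP:$LDAP_PORT" -CAfile "$CA_FILE" \
        -verify_return_error </dev/null >/dev/null 2>&1
}

# 2. Can the bind account resolve a user with the configured attributes?
check_user() {      # $1 login name; -W prompts for the Bind Password
    LDAPTLS_CACERT="$CA_FILE" ldapsearch -x -H "ldaps://$LDAP_IP:$LDAP_PORT" \
        -D "$BIND_DN" -W -b "$USER_DIR" \
        "$(entry_filter posixAccount uid "$1")" uid uidNumber
}

# 3. Same check for a group and its member attribute.
check_group() {     # $1 group name
    LDAPTLS_CACERT="$CA_FILE" ldapsearch -x -H "ldaps://$LDAP_IP:$LDAP_PORT" \
        -D "$BIND_DN" -W -b "$GROUP_DIR" \
        "$(entry_filter groupOfUniqueNames cn "$1")" cn gidNumber uniqueMember
}

# Usage: check_tls && check_user alice && check_group storage-admins
```

A non-zero exit from check_tls means the connection failed or the chain did not verify against the CA file; resolve that before selecting LDAPS for the server.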
Updated: 2019-07-11

Document ID: EDOC1000181531
