Setting up LDAP

System Administrator Guide for Virtual Storage Platform E Series

Version: 93-07-0x
Part Number: MK-97HM85028-18

Use the following procedure to set up LDAP for external authentication by using the maintenance utility.

CAUTION:
If you specify the IP address of the LDAP directory server in IPv6 address format, do not use the following IP addresses:
  • Invalid value: [::]
  • Loopback address: [::1]
  • Multicast address: [FF00:: - FDFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF]
  • IPv4-mapped IPv6 address: [::FFFF:(IPv4)]
  • Link-local address: [FE80::]
  • Global unicast address: [2001::]
  • Global unicast address: [2002::]
Note: If you create user accounts by using the maintenance utility, you can select whether to use external authentication and authorization servers for each user account. (You can select this in Authentication in the Create User window.) For details about how to create user accounts, see the Help of the maintenance utility.
  • The LDAP directory server must be connected to the management LAN.
  1. Log in to the maintenance utility.
  2. Select Administration > External Authentication > Set Up Server > LDAP.
  3. The Set Up Server (LDAP) window appears. Enter the value for each item.
    For details about each item, see the Help of the maintenance utility.
  4. Confirm the settings, and then click Check for Server Configuration Test.
    Note: When External User Group Mapping is disabled, even if the server configuration test is successful, user accounts cannot access the storage system unless they are registered in the storage system. To allow user accounts that are not registered in the storage system to access the storage system, enable External User Group Mapping. For details about how to set external user group mapping, see External User Group Mapping in the Help of the maintenance utility. For details about how to test server configuration, see Server Configuration Test in the Help of the maintenance utility.
  5. Confirm the test result, and then click Apply.
    If the management port of controller 1 and the management port of controller 2 are connected to different network segments, you might not be able to reach the external authentication server or DNS server. If you are using this network configuration, log in to the maintenance utility from controller 2, and then perform step 2 and step 4.
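
The IPv6 restrictions in the CAUTION above can be checked before the address is entered in the Set Up Server (LDAP) window. The following is an added example, not part of the guide or of the maintenance utility; the function name and sample addresses are hypothetical. Assumptions: the multicast entry is treated as the standard multicast block ff00::/8, and the entries printed as a single address ([FE80::], [2001::], [2002::]) are matched literally.

```python
import ipaddress

# Entries the CAUTION prints as a single address. Assumption: they are
# matched literally, not as whole prefixes.
LISTED_LITERALS = {
    ipaddress.IPv6Address("fe80::"): "link-local address [FE80::]",
    ipaddress.IPv6Address("2001::"): "global unicast address [2001::]",
    ipaddress.IPv6Address("2002::"): "global unicast address [2002::]",
}


def check_ldap_server_address(value):
    """Return (ok, reason). Raises ValueError if value is not an IP literal."""
    text = value.strip()
    if text.startswith("[") and text.endswith("]"):
        text = text[1:-1]  # accept the bracketed form used in the CAUTION
    addr = ipaddress.ip_address(text)
    if addr.version == 4:
        return True, "IPv4 address, the IPv6 restrictions do not apply"
    # Checked first so that ::ffff:a.b.c.d is always reported as IPv4-mapped.
    if addr.ipv4_mapped is not None:
        return False, "IPv4-mapped IPv6 address [::FFFF:(IPv4)]"
    if addr.is_unspecified:
        return False, "invalid value [::]"
    if addr.is_loopback:
        return False, "loopback address [::1]"
    # Assumption: the multicast entry means the multicast block ff00::/8.
    if addr.is_multicast:
        return False, "multicast address"
    if addr in LISTED_LITERALS:
        return False, LISTED_LITERALS[addr]
    return True, "not in the CAUTION list"


if __name__ == "__main__":
    # Constructed sample inputs (documentation-range addresses), not from the guide.
    for sample in ["2001:db8::10", "[::1]", "::ffff:192.0.2.10",
                   "ff02::1", "FE80::", "192.0.2.10"]:
        ok, reason = check_ldap_server_address(sample)
        print(f"{sample:20} {'OK' if ok else 'REJECT':7} {reason}")
```
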