LDAP Authentication for IBM DS8000 Systems Updated for DS8000 Release 9.1


Bjoern Wesselbaum, Claudio Di Celio, Bert Dufrasne, Connie Riggins, Robert Tondini, Alex Warmuth

Redpaper
IBM Redbooks

LDAP Authentication for IBM DS8000 Systems
March 2021
REDP-5460-01

Note: Before using this information and the product it supports, read the information in “Notices” on page vii.

Second Edition (March 2021)

This edition applies to IBM DS8900F storage systems that are available with IBM DS8000 Licensed Machine Code (LMC) 7.9.10 (bundle version 89.10.xx.x), referred to as Release 9.1 or later.

© Copyright International Business Machines Corporation 2018, 2021. All rights reserved.
Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

Contents

Notices
    Trademarks
Preface
    Authors
    Now you can become a published author, too!
    Comments welcome
    Stay connected to IBM Redbooks

Chapter 1. IBM DS8000 user authentication
    1.1 Introduction to the DS8000 user authentication
    1.2 Storage Authentication Service by using CSM as an LDAP proxy
    1.3 Remote authentication by using the native implementation
    1.4 Benefits of using remote authentication for a DS8000 system
    1.5 Determining the remote authentication solution

Chapter 2. Lightweight Directory Access Protocol for IBM DS8000 administrators
    2.1 Directory services and LDAP
    2.2 Basic LDAP and directory services terms explained
        2.2.1 Directory entry
        2.2.2 Groups
            Nested groups
        2.2.3 The directory structure
            Search Base of the directory tree
        2.2.4 LDAP filter
    2.3 LDAP binding and authentication
        2.3.1 Simple bind
        2.3.2 Anonymous bind
        2.3.3 Direct bind and authentication

Chapter 3. IBM DS8000 user management
    3.1 DS8000 basic user management and access
        3.1.1 Users and roles
            Predefined default users and passwords
            Predefined user roles
        3.1.2 Basic user management
            Adding a user by using the DS GUI
            Adding user by using the DS CLI
    3.2 Customized user roles and considerations
        3.2.1 Creating a customized user role by using the DS GUI
        3.2.2 LDAP considerations with customized user roles
    3.3 Planning for LDAP user groups and mappings
        3.3.1 Local administrator user ID considerations with LDAP
            Unlocking a DS8000 admin account
        3.3.2 Security administrator mapping considerations
        3.3.3 Users and user groups on a remote authentication server

Chapter 4. IBM DS8000 GUI implementation
    4.1 Configuring remote authentication by using the GUI
        4.1.1 Starting the wizard
        4.1.2 Remote Authentication type
        4.1.3 LDAP server type
        4.1.4 LDAP Servers access
            Securing the connection
        4.1.5 Configuring the access mode
        4.1.6 Configure Lookup Method
        4.1.7 Enable Local Administrator window
        4.1.8 Authentication mapping
        4.1.9 Special consideration for secadmin users
        4.1.10 Administrator verification
    4.2 Modifying an existing configuration
        4.2.1 Changing the user mappings
        4.2.2 Changing the LDAP server configuration
    4.3 Enabling local authentication
    4.4 Exporting and importing the configuration
        4.4.1 Exporting the configuration
        4.4.2 Importing the configuration

Chapter 5. Implementing LDAP by using the DS Command-Line Interface
    5.1 Overview
    5.2 Creating a truststore for a secure LDAP connection
    5.3 Creating a remote authentication policy
    5.4 Testing and activating a remote authentication policy
    5.5 Managing remote authentication policies by using the DS CLI
    5.6 Special considerations for security administrators
    5.7 Special considerations for resource groups

Chapter 6. Implementing LDAP with directory services
    6.1 OpenLDAP
        6.1.1 Overlays
        6.1.2 Group definition
    6.2 Microsoft Active Directory
        6.2.1 Binding
        6.2.2 Nested group support ..

  • File Pages
    172 Page