Role mapping

Connection and User Mapping configure the way a username is mapped to an LDAP entry. Role Mapping configures the ways in which users are granted roles.

Role Mapping Rules are used to place a user into one or more roles in the HP IO Accelerator Management Tool: User, Device Admin, or Server Admin.

Each role mapping is essentially an LDAP search specification along with a Role. When the search specification is true (returns one or more entries) for a user, then that user is granted the Role.

To create a new role mapping:

1.Click Add Role Mapping.

2.Enter a name for this mapping in the Name field. This name lets you identify the role mapping later if you decide to edit it. For example: Administrators.

3.Enter a DN in the Search Base DN field.

This could be the DN of some container, or a specific DN such as that of a group, for example,

CN=administrators,OU=groups,DC=example,DC=com. The special value ${dn can be used to set the search base DN to the user's LDAP entry. This is useful when creating a role mapping based of the user's attributes, such as memberOf.

4.Enter an LDAP search filter in the Search Filter field.

The search filter can contain the special values ${username,}which is replaced by the name the user logged in with, or ${dn}, which is replaced by the DN of the logged-in user's LDAP entry). For example, a search filter of (member=${dn}) matches true for entries where there is a member attribute that has the logged-in user's DN as a value (common in group entries).

5.Set the Scope.

If the Search Base DN names a specific entry in the LDAP tree, the scope should be Base level; otherwise it should be either Subtree or One level.

6.Choose the Role to be granted to users meeting the search criteria. For example, if the search criteria matches true for users who are listed in and LDAP group entry full of administrators, set the role to Server Admin.

7.Click Add Role Mapping.

Example Role Mappings

Following are some examples of role mappings that might be configured for different LDAP directory deployments:

Members of the Administrator group are in role Server Admin

1.Set the Search Base DN field to the Administrators group entry. For example:

CN=administrators,OU=groups,DC=example,DC=com.

2.Set the Search Filter: (member=${dn})" (typical for AD) or (uniqueMember=${dn}) (typical for non-AD). If you are unsure which attribute holds the members of the group, you can use the search filter

((member=${dn})(uniqueMember=${dn})).

3.Set the Scope to Base level.

4.Set the Role to Server Admin.

Members of the Administrator group are in role Server Admin (alternate AD config)

Adding and editing LDAP providers 28

Page 27 Page 29
Page 28
Image 28
HP c-Class manual Role mapping, CN=administrators,OU=groups,DC=example,DC=com
Page 27 Page 29

c-Class specifications

The HP c-Class is a series of high-performance blade servers designed to optimize space and improve data center efficiency. These compact systems exemplify HP's commitment to delivering powerful computing solutions that are both scalable and manageable. The c-Class offers an array of features, technologies, and characteristics that cater to diverse business needs, ensuring organizations can keep up with the demands of modern computing environments.

At the heart of the HP c-Class architecture is its innovative blade technology, enabling multiple server blades to reside within a single enclosure. This not only conserves physical space in the data center but also reduces energy consumption, ultimately lowering operational costs. The c-Class enclosure supports a variety of HP server blades, which can be tailored to meet specific workload requirements.

One of the standout features of the HP c-Class is its high-density design, allowing organizations to run numerous processors and substantial memory within a compact footprint. The system supports the latest Intel and AMD processors, offering exceptional processing capabilities. With a modular design, businesses can easily scale up resources by adding more blades as demand increases.

In terms of connectivity, the HP c-Class integrates advanced networking options. It includes embedded Ethernet and Fibre Channel switches, facilitating seamless data transfer and communications while ensuring minimal latency. The built-in redundancy features enhance reliability, making it a robust solution for critical applications.

Power and thermal management are key characteristics of the HP c-Class, with Energy Star compliance underscoring its efficiency. Intelligent power management tools allow for real-time monitoring and optimization, further contributing to reduced energy costs.

HP's Integrated Lights-Out (iLO) technology is another significant advantage. This tool provides remote management capabilities, giving IT personnel the ability to monitor the health and performance of the server blades from anywhere. The iLO feature simplifies troubleshooting and enhances system uptime.

Security features are also woven into the fabric of the HP c-Class. With options for advanced authentication and secure boot processes, organizations can protect their critical data and maintain compliance with local regulations.

In summary, the HP c-Class blade server series delivers a compelling combination of high performance, scalability, and manageability. Its advanced technologies cater to a wide range of applications, making it an ideal choice for businesses seeking to enhance their IT infrastructure while keeping costs in check. The c-Class is not just a product; it represents a strategic approach to efficient, high-capacity computing.
Top Page Image Contents