Access Control with LDAP

Lightweight Directory Access Protocol (LDAP) provides external authentication server support. LDAP allows you to set up user groups on a central LDAP server. You can authenticate these users and allow them to log in to storage arrays. The authorization parameters determine which role is assigned to the user.

You can have up to three LDAP servers. One is the primary server and the other two are secondary servers. The secondary servers are optional. If you have a secondary server, then, if the primary server fails, the secondary server can be used for authentication.

The secondary servers are in listen-only mode. The primary server replicates data to them. You cannot use the secondary servers for load-balancing.

NOTE: Secondary servers must use the same security certificate as the primary server.

Microsoft Active Directory provides an LDAP service. This service allows you to use LDAP to connect to Active Directory server.

NOTE: Currently the array supports either LDAP or Active Directory as the external authentication service. You can switch between LDAP and Active Directory, but you cannot run both protocols at the same time.

You can set up LDAP using the array GUI or the array CLI.