Configuring an LDAP user for an IBM FlashSystem A9000 or A9000R managed domain

To ensure that proper LDAP authentication is used in an IBM FlashSystem® A9000 or A9000R managed domain, you must prepare a user on the Active Directory server and configure it with the storage admin role on the FlashSystem A9000 or A9000R system.

Before you begin

  • Prepare an operational Microsoft Active Directory service with at least one group and one user to be used for the storage admin role on the LDAP server. Make a note of the group Distinguished Name (DN) that is generated.
    Note: The following procedure uses a group named A9000_Admins and a user in that group named testUser as examples.
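
Added example (not part of the IBM procedure): a PowerShell check, run on a host with the ActiveDirectory module, that prints the group DN to enter in the Storage Admin Role field and confirms that the example user can be used for the LDAP test. The names A9000_Admins and testUser are the page's examples. Whether the storage system resolves nested group membership is not stated on this page, so the script reports direct and nested membership separately.

```powershell
# Added example: verifies the Active Directory prerequisites before role mapping.
# Group and user names are the examples used on this page; replace with your own.
Import-Module ActiveDirectory

$GroupName = 'A9000_Admins'
$UserName  = 'testUser'

# Resolve the group; its DistinguishedName is the value for the Storage Admin Role field.
$group = Get-ADGroup -Identity $GroupName -ErrorAction Stop

# Load the user with the account-state attributes that can make an LDAP bind fail.
$user = Get-ADUser -Identity $UserName `
    -Properties LockedOut, PasswordExpired, MemberOf -ErrorAction Stop

# Direct membership: the group DN appears in the user's memberOf attribute.
# (memberOf does not list the user's primary group.)
$direct = $user.MemberOf -contains $group.DistinguishedName

# Nested membership: the user is reachable only through another group.
$nested = $false
if (-not $direct) {
    $nested = [bool](Get-ADGroupMember -Identity $group -Recursive |
        Where-Object { $_.DistinguishedName -eq $user.DistinguishedName })
}

# Summary to keep alongside the configuration record.
[pscustomobject]@{
    GroupDN         = $group.DistinguishedName
    User            = $user.SamAccountName
    DirectMember    = $direct
    NestedOnly      = $nested
    Enabled         = $user.Enabled
    LockedOut       = $user.LockedOut
    PasswordExpired = $user.PasswordExpired
} | Format-List

# Flag conditions that would make the LDAP test fail or grant the role unexpectedly.
if (-not ($direct -or $nested)) {
    Write-Warning "$UserName is not a member of $GroupName."
}
if ($nested) {
    Write-Warning "$UserName is only a nested member; confirm the system honors nesting."
}
if (-not $user.Enabled -or $user.LockedOut -or $user.PasswordExpired) {
    Write-Warning "$UserName cannot authenticate in its current account state."
}
```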

Procedure

First, configure the storage admin role in IBM Hyper-Scale Manager.

  1. Log in to the IBM® Hyper-Scale Manager Web GUI as a storage administrator.
  2. Click Systems & Domains View > Systems.
    The SYSTEM view is displayed.
  3. In the system list pane on the left side of the screen, select the FlashSystem A9000 or A9000R system the LDAP user needs to be configured for.
    The System Properties configuration view for the selected system is displayed on the right.
    Figure 1. Hyper-Scale System Properties configuration view
  4. Click the LDAP icon.
    The System LDAP configuration view is displayed.
    Figure 2. System LDAP configuration view
  5. In the GENERAL section of the System LDAP configuration view, select Server Type: Microsoft Active Directory.
  6. In the USER CREDENTIALS section, define the service user and its password. This user binds to the Active Directory service and retrieves the credentials data that is stored in the LDAP directory.
    Figure 3. USER CREDENTIALS section of the System LDAP configuration view
  7. In the ROLE MAPPING section, do the following:
    1. In the Storage Admin Role field, enter the group Distinguished Name (DN) generated prior to beginning this procedure, as in the example shown in Figure 4.
    2. In the Read Only Role field, enter an appropriate group DN, as in the example shown in Figure 4.
    Figure 4. ROLE MAPPING section of the System LDAP configuration view
  8. In the LDAP TESTING AND ACTIVATION section, enter the username and password to be used for verifying the LDAP connection, as in the example shown in Figure 5.
    Figure 5. LDAP TESTING AND ACTIVATION section of the System LDAP configuration view
  9. Click Apply.
    The storage admin role is configured in IBM Hyper-Scale Manager.

Next, configure Spectrum Connect with the user name associated with the storage admin role in IBM Hyper-Scale Manager.

  1. Start IBM Spectrum Connect and go to Setting > Storage Credentials.
    The Storage Credentials dialog box is displayed.
    Figure 6. Storage Credentials dialog box
  2. In the Storage Credentials dialog box, enter the user name defined on the Active Directory server (testUser in the above example), enter a password, and select the Directory account check box to specify that the credentials are stored on the Active Directory server.
  3. Click Apply to finish.