Symantec Product Authentication Service (AT) supports LDAP (Lightweight Directory Access Protocol) user authentication through a plug-in for the authentication broker. AT supports all common LDAP distributions such as OpenLDAP and Windows Active Directory.
For a cluster that runs in secure mode, you must enable the LDAP authentication plug-in if the VCS users belong to an LDAP domain.
If you have not already added VCS users during installation, you can add the users later.
See the Veritas Cluster Server Administrator's Guide for instructions to add VCS users.
Figure: Client communication with LDAP servers depicts the SFCFSHA cluster communication with the LDAP servers when clusters run in secure mode.
The LDAP schema and the syntax of LDAP commands (such as ldapadd, ldapmodify, and ldapsearch) vary based on your LDAP implementation.
Before adding the LDAP domain in Symantec Product Authentication Service, note the following information about your LDAP environment:
The type of LDAP schema used (the default is RFC 2307)
UserObjectClass (the default is posixAccount)
UserObject Attribute (the default is uid)
User Group Attribute (the default is gidNumber)
Group Object Class (the default is posixGroup)
GroupObject Attribute (the default is cn)
Group GID Attribute (the default is gidNumber)
Group Membership Attribute (the default is memberUid)
URL to the LDAP Directory
Distinguished name for the user container (for example, UserBaseDN=ou=people,dc=comp,dc=com)
Distinguished name for the group container (for example, GroupBaseDN=ou=group,dc=comp,dc=com)
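
One way to confirm the values listed above before adding the domain, as an added example that is not part of the Symantec documentation: the script parses an LDIF export (such as ldapsearch output saved to a file) and reports entries under the user and group containers that lack the RFC 2307 default object class or attributes. The function names and the sample entries are assumptions; the base DNs are the page's own examples.

```python
# Added example, not product code: check an LDIF export against the RFC 2307 defaults.
DEFAULTS = [  # (base DN from the page's examples, object class, required attributes)
    ("ou=people,dc=comp,dc=com", "posixAccount", ["uid", "gidNumber"]),
    ("ou=group,dc=comp,dc=com", "posixGroup", ["cn", "gidNumber"]),
]

SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=comp,dc=com
objectClass: posixAccount
uid: alice
gidNumber: 500

dn: uid=bob,ou=people,dc=comp,dc=com
objectClass: inetOrgPerson
uid: bob

dn: cn=vcsadmins,ou=group,dc=comp,dc=com
objectClass: posixGroup
cn: vcsadmins
gidNumber: 500
memberUid: alice
"""  # constructed sample data, not taken from a real directory

def parse_ldif(text):
    # Return entries as dicts of lower-cased attribute name -> list of values.
    # Comment lines and folded continuation lines are skipped; base64 (::) is not decoded.
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line[:1] not in ("#", " ") and ":" in line:
                name, value = line.split(":", 1)
                entry.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def check_schema(entries, defaults=DEFAULTS):
    # Return {dn: [problems]} for entries located under a configured base DN.
    problems = {}
    for entry in entries:
        dn, found = entry["dn"][0], []
        for base, objclass, attrs in defaults:
            if dn.lower().endswith("," + base.lower()):
                present = {c.lower() for c in entry.get("objectclass", [])}
                if objclass.lower() not in present:
                    found.append("missing objectClass " + objclass)
                found += ["missing attribute " + a for a in attrs if a.lower() not in entry]
        if found:
            problems[dn] = found
    return problems
```

If your directory does not use the defaults, change the DEFAULTS table to the object classes and attributes you noted for your environment.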