If you store your user database on an LDAP server, you can grant users in LDAP groups access to the storage system and map them to specified roles on the system to manage their access.
The security.admin.authentication option specifies where the system finds authentication information for administrative user accounts. By default, it includes internal, which means the system’s local administrative repository. Adding nsswitch to the option enables the system to also use the repositories found in the nsswitch.conf file.
For more information about the security.admin.authentication option, see the na_options(1) man page. For information about configuring LDAP services and the nsswitch.conf file, see the Data ONTAP File Access and Protocols Management Guide for 7-Mode.
For instance, ldapgroup1 is mapped to role1, ldapgroup2 to role2, and ldapgroup3 to role3.
The role can be a predefined role or one that you create by using the useradmin role add command.
For more information about the security.admin.nsswitchgroup option, see the na_options(1) man page.
The following example grants LDAP users in the ldapgrp1 group capabilities defined in the power role, LDAP users in the ldapgrp2 group full administrative capabilities, and LDAP users in the ldapgrp3 group capabilities defined in the audit role:
system> options security.admin.nsswitchgroup ldapgrp1:power,ldapgrp2,ldapgrp3:audit
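Because a group listed without a role receives full administrative capabilities, it helps to review the value before applying it. The following Python check is an added example, not NetApp code: it parses a value in the comma-separated group[:role] format shown above and lists the groups that have no role. The function names and the FULL_ADMIN label are hypothetical, and treating stray whitespace as a problem is an assumption about the intended format.

```python
# Added example: audit a security.admin.nsswitchgroup value before applying it.
# Format assumed from the page's example: comma-separated group[:role] entries.

FULL_ADMIN = "<full administrative capabilities>"  # label used here, not an ONTAP role name


def parse_nsswitchgroup(value):
    """Return (mapping, problems) for a comma-separated group[:role] list."""
    mapping, problems = {}, []
    for raw in value.split(","):
        entry = raw.strip()
        if entry != raw:
            # Assumption: whitespace is unintended and would split the CLI argument.
            problems.append(f"whitespace around {entry!r}")
        if not entry:
            problems.append("empty entry")
            continue
        group, sep, role = entry.partition(":")
        if not group or (sep and not role) or ":" in role:
            problems.append(f"malformed entry {entry!r}")
            continue
        if group in mapping:
            problems.append(f"duplicate group {group!r}")
            continue
        # No ":role" suffix: the page states such a group gets full admin capabilities.
        mapping[group] = role if sep else FULL_ADMIN
    return mapping, problems


def full_admin_groups(mapping):
    """Groups listed without a role, which should be reviewed explicitly."""
    return sorted(g for g, r in mapping.items() if r == FULL_ADMIN)


if __name__ == "__main__":
    # Constructed input: the value from the page's example.
    value = "ldapgrp1:power,ldapgrp2,ldapgrp3:audit"
    mapping, problems = parse_nsswitchgroup(value)
    for group, role in mapping.items():
        print(f"{group} -> {role}")
    print("review (no role given):", full_admin_groups(mapping))
    print("problems:", problems or "none")
```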