EFA users are validated with Unix authentication and LDAP and managed with Role-based Access Control (RBAC).
EFA validates users and their credentials with the following mechanisms:
- Unix authentication (local and remote) on the host where EFA is installed. Host credentials are the default validation method if LDAP validation fails.
- External LDAP server. Users configured in LDAP use their LDAP credentials to log in to EFA.
After EFA is deployed, the installing user has the role of SystemAdmin and has complete
access to EFA functionality. For installation on TPVM, this user has the user name
'extreme'.
By default, no other host OS users can access EFA unless the SystemAdmin assigns the
appropriate roles.
LDAP supports three modes for fetching the roles assigned to a user:
- The role is available as an attribute in the user Distinguished Name (DN) entry. Group attribute definition is not needed.
- The user has a "memberOf" attribute or any appropriate group DN attribute to identify the groups assigned to the user. Assign the corresponding LDAP group to a role in EFA.
- LDAP groups have user entries in their group definitions. Assign the LDAP groups to roles in EFA.
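
The three lookup modes above, modelled in Python as an added example (this is not EFA code or EFA configuration). The directory entries, the efaRole attribute name, the ExampleReadOnly role and the mode labels are constructed for illustration; the point is that the same directory can yield different SystemAdmin holders depending on which mode is in use, so an access review has to evaluate the configured mode.

```python
"""Model of the three LDAP role-lookup modes over a constructed directory snapshot."""

def norm(dn):
    # DNs compare case-insensitively; strip spaces around the RDN separators.
    return ",".join(part.strip().lower() for part in dn.split(","))

BASE = "dc=example,dc=com"  # constructed
USERS = {  # constructed user entries; "efaRole" is a hypothetical attribute name
    norm(f"uid=alice,ou=people,{BASE}"): {"efaRole": ["SystemAdmin"]},
    norm(f"uid=bob,ou=people,{BASE}"): {"memberOf": [f"CN=NetOps,ou=groups,{BASE}"]},
    norm(f"uid=carol,ou=people,{BASE}"): {},
}
GROUPS = {  # constructed group entries that list their members
    norm(f"cn=netops,ou=groups,{BASE}"): {"member": [f"uid=carol,ou=people,{BASE}"]},
    norm(f"cn=auditors,ou=groups,{BASE}"): {"member": [f"uid=bob, ou=people,{BASE}"]},
}
# Group-to-role assignment made by the administrator; "ExampleReadOnly" is a placeholder.
GROUP_ROLES = {
    norm(f"cn=netops,ou=groups,{BASE}"): "SystemAdmin",
    norm(f"cn=auditors,ou=groups,{BASE}"): "ExampleReadOnly",
}

def roles_from_user_attribute(user_dn, attr="efaRole"):
    # Mode 1: the role is read directly from the user's own entry.
    return set(USERS.get(norm(user_dn), {}).get(attr, []))

def roles_from_user_groups(user_dn, attr="memberOf"):
    # Mode 2: the user entry names its groups; each mapped group yields a role.
    groups = USERS.get(norm(user_dn), {}).get(attr, [])
    return {GROUP_ROLES[norm(g)] for g in groups if norm(g) in GROUP_ROLES}

def roles_from_group_members(user_dn, attr="member"):
    # Mode 3: group entries list their users; search the groups for this user.
    user = norm(user_dn)
    return {GROUP_ROLES[g] for g, entry in GROUPS.items()
            if g in GROUP_ROLES and user in map(norm, entry.get(attr, []))}

MODES = {"user-attribute": roles_from_user_attribute,
         "user-groups": roles_from_user_groups,
         "group-members": roles_from_group_members}

def holders(role):
    # Access review: which users hold `role` under each lookup mode.
    return {mode: sorted(u.split(",")[0] for u in USERS if role in fn(u))
            for mode, fn in MODES.items()}

if __name__ == "__main__":
    for mode, users in holders("SystemAdmin").items():
        print(f"{mode:15} {users}")
```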