The storage system must be configured to have only 1 emergency account which can be accessed without LDAP, and which has full administrator capabilities.
While LDAP allows the storage system to support stronger authentication and provides additional auditing, it also places a dependency on an external entity in the operational environment. The existence of a single local account with a strong password means that administrators can continue to access the storage system in the event the LDAP system is temporarily unavailable.
Display users with the following command: cli% showuser If the accounts "3parbrowse", "3paredit", or "3parservice" exist, see HP3P-32-001504 for removal instructions specific to these accounts. If the account "3parcimuser" exists see HP3P-32-001002 for removal instructions specific to that account. Otherwise, remove all accounts except "3paradm", "3parsvc", "3parsnmpuser", and "3parcimuser" using the following command: cli% removeuser <username> Confirm the operation with "y".
Verify that only essential local accounts are configured. Enter the following command: cli% showuser If the output shows users other than the four accounts below, this is a finding: 3paradm 3parsvc 3parsnmpuser 3parcimuser