The storage server supports mixed mode access for file systems, so a mapping is required between the file system permissions and owners to ensure consistent security and access. NIS/LDAP services allow the server to locate and map users and permissions using an existing NIS/LDAP service on the network, instead of creating local accounts on the storage server.
- RFC 2307 / RFC 2307bis schemas
RFC 2307 defines a standard convention for the storage and retrieval of user and group mapping information from an LDAP server. If your site uses the RFC 2307 (or RFC 2307bis) schema, and you configure your storage server/cluster to support both mixed mode operations and LDAP services, it is assumed that you have already loaded the RFC 2307 schema into your directory, and that you have already provisioned the user objects appropriately. This is the default method.
- Microsoft Active Directory schema
This setting configures your server to operate with Microsoft Active Directory 2012 and newer using the default Active Directory schema.
You can also configure the server to operate with two deprecated Microsoft LDAP services:
- Microsoft Windows Services for UNIX (SFU) schema
- Microsoft Identity Management for UNIX (IMU) schema

Objects that: | RFC 2307 Class | Active Directory Class (also IMU and SFU) | Map to NIS Class |
---|---|---|---|
Describe user accounts | posixAccount | user | posixAccount |
Describe the group identifier | posixGroup | group | posixGroup |

Attributes for: | RFC 2307 Attribute | Active Directory Attribute | Services for UNIX Attribute | Identity Management for UNIX Attribute | Map to NIS Attribute |
---|---|---|---|---|---|
User ID/login name | uid | sAMAccountName | sAMAccountName | uid | memberUid |
User ID number | uidNumber | uidNumber | msSFU30UidNumber | uidNumber | uidNumber |
Group name | cn | sAMAccountName | cn | cn | memberNisNetgroup |
Group ID number | gidNumber | gidNumber | msSFU30GidNumber | gidNumber | gidNumber |

To track indexing performance, you can use the ldap-stats command, which lets you monitor response times for LDAP queries. The storage server must first complete some successful user lookups so that statistical data can be gathered. Within a short period of time, however, you should be able to determine whether any of the attributes are not indexed.
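
The schema tables above can be turned into a pre-deployment check of the directory. The following is an added example, not code from the storage server or its vendor: it builds an escaped user lookup filter for each schema and audits user objects for attributes that would break or collide in the mapping. The function names, sample entries and DNs are assumptions made for illustration.

```python
# Added example. Class and attribute names come from the tables above;
# the sample entries and DNs are constructed.
SCHEMAS = {  # schema: (user class, login attr, UID number attr, GID number attr)
    "rfc2307": ("posixAccount", "uid", "uidNumber", "gidNumber"),
    "ad": ("user", "sAMAccountName", "uidNumber", "gidNumber"),
    "sfu": ("user", "sAMAccountName", "msSFU30UidNumber", "msSFU30GidNumber"),
    "imu": ("user", "uid", "uidNumber", "gidNumber"),
}

def escape_filter_value(value):
    """Escape RFC 4515 special characters so a login name cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def user_filter(schema, login):
    """Build the search filter that finds one user object by login name."""
    cls, login_attr, _, _ = SCHEMAS[schema]
    return "(&(objectClass=%s)(%s=%s))" % (cls, login_attr, escape_filter_value(login))

def audit_entries(schema, entries):
    """Return (dn, problem) pairs for user objects that cannot be mapped cleanly."""
    _, login_attr, uid_attr, gid_attr = SCHEMAS[schema]
    problems, seen = [], {}
    for entry in entries:
        dn = entry["dn"]
        problems += [(dn, "missing " + a)
                     for a in (login_attr, uid_attr, gid_attr) if not entry.get(a)]
        uid = (entry.get(uid_attr) or [None])[0]
        if uid is None:
            continue
        if not uid.isdigit():
            problems.append((dn, "non-numeric " + uid_attr))
        elif uid in seen:  # two accounts would own the same files on the UNIX side
            problems.append((dn, "duplicate %s %s (also %s)" % (uid_attr, uid, seen[uid])))
        else:
            seen[uid] = dn
    return problems

SAMPLE_SFU = [  # constructed entries, shaped like parsed LDAP search results
    {"dn": "CN=alice,DC=example,DC=test", "sAMAccountName": ["alice"],
     "msSFU30UidNumber": ["10001"], "msSFU30GidNumber": ["100"]},
    {"dn": "CN=bob,DC=example,DC=test", "sAMAccountName": ["bob"],
     "msSFU30UidNumber": ["10001"], "msSFU30GidNumber": ["100"]},
    {"dn": "CN=carol,DC=example,DC=test", "sAMAccountName": ["carol"],
     "uidNumber": ["10003"]},  # provisioned with another schema's attribute
]

if __name__ == "__main__":
    print(user_filter("sfu", "alice"))
    for dn, problem in audit_entries("sfu", SAMPLE_SFU):
        print(dn, "->", problem)
```

A duplicate UID number is the finding to act on first, because both accounts resolve to the same file owner once mapped.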