Configuring LDAP
The following information describes how to configure the new StorNext LDAP feature in addition to outlining recent changes to Windows configuration tools.
Using LDAP
SNFX 1.3 introduces support for Lightweight Directory Access Protocol, or LDAP (RFC 2307). This feature allows customers to use Active Directory/LDAP for mapping Windows User IDs (SIDs) to UNIX User IDs/Group IDs.
Changes to "Nobody" mapping
As with previous releases, if a Windows user cannot be mapped to a UNIX ID, the user is mapped to Nobody. SNFX 1.3 allows administrators to change the value of Nobody by using the file system configuration parameters:
UnixNobodyUidOnWindows 60003
UnixNobodyGidOnWindows 60004
These parameters are located in the file system configuration file on the server and are manually modified by the Xsan Administrator GUI.
Changes to UNIX File & Directory Modes
When a file or directory is created on Windows, the UNIX modes are now controlled by the following file system configuration parameters:
UnixDirectoryCreationModeOnWindowsDefault 0755
UnixFileCreationModeOnWindowsDefault 0644
In previous releases, StorNext used per-user mode masks. SNFX 1.3 allows one set of values for all users of each file system.
Note: The default values allow more open access to UNIX systems than in previous versions. Administrators can manually change these values in the file system configuration file on the server or use the Windows or Web GUI.
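An added example (not StorNext code): a small Python check that reads the parameters named above and reports what the configured creation modes grant other UNIX users for items created from Windows. The sample fragment is constructed, the function names are hypothetical, and the one "Name value" pair per line layout is an assumption taken from how this page prints the parameters.

```python
import re
import stat

# Constructed sample: the four parameters with the values this page shows,
# one "Name value" pair per line (assumed layout of the configuration file).
SAMPLE_CONFIG = """\
UnixNobodyUidOnWindows 60003
UnixNobodyGidOnWindows 60004
UnixDirectoryCreationModeOnWindowsDefault 0755
UnixFileCreationModeOnWindowsDefault 0644
"""

MODE_KEYS = {
    "UnixDirectoryCreationModeOnWindowsDefault": "directory",
    "UnixFileCreationModeOnWindowsDefault": "file",
}
ID_KEYS = ("UnixNobodyUidOnWindows", "UnixNobodyGidOnWindows")


def parse_params(text):
    """Collect the mode and Nobody parameters, ignoring every other line."""
    wanted = set(MODE_KEYS) | set(ID_KEYS)
    found = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\w+)\s+(\d+)\s*$", line)
        if m and m.group(1) in wanted:
            found[m.group(1)] = m.group(2)
    return found


def audit(text):
    """Return findings on what other UNIX users get for Windows-created items."""
    params = parse_params(text)
    findings = []
    for key, kind in MODE_KEYS.items():
        if key not in params:
            continue
        mode = int(params[key], 8)  # creation modes are octal
        if mode & stat.S_IWOTH:
            findings.append(f"{kind}: writable by any UNIX user ({params[key]})")
        if mode & stat.S_IROTH:
            findings.append(f"{kind}: readable by any UNIX user ({params[key]})")
        if kind == "file" and mode & 0o111:
            findings.append(f"file: created executable ({params[key]})")
    for key in ID_KEYS:
        if params.get(key) is not None and int(params[key]) == 0:
            findings.append(f"{key}: unmapped Windows users would act as ID 0")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)) or "no findings")
```

With the values shown on this page, both the directory and file modes are reported as readable by any UNIX user; tightening them to 0750 and 0640 clears the findings.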
LDAP Refresh Timeout
Due to the changes in the Windows Active Directory user mappings, services for UNIX can take up to 10 minutes to be propagated to StorNext clients.
User ID Mapping Precedence
If multiple mappings are found for a given Windows user, the following precedence applies:
• NIS/PCNFSD - If mapping exists
• Fabricated IDs - If configured "on"
• LDAP/RFC 2307 - If defined in Active Directory
• Nobody - If no other mapping found
April 2006, ADIC