Filter
Top Products
April 2006, ADIC 7
Configuring LDAP
The following information describes how to configure the new StorNext LDAP feature in addition to outlining
recent changes to Windows configuration tools.
Using LDAP
SNFX 1.3 introduces support for Light Directory Access Protocol, or LDAP (RFC 2307). This feature allows
customers to use Active Directory/LDAP for mapping Windows User ID's (SIDs) to UNIX User ID/Group
ID's.
Changes to "Nobody" mapping
As with previous releases, if a Windows user cannot be mapped to a Unix ID, the user is mapped to Nobody.
SNFX 1.3 allows administrators change the value of Nobody by using the file system configuration
parameters:
UnixNobodyUidOnWindows 60003
UnixNobodyGidOnWindows 60004
These parameters are located in the file system configuration file on the server and are manually modified
by the Xsan Administrator GUI.
Changes to UNIX File & Directory Modes
When a file or directory is created on Windows, the UNIX modes are now controlled by the following file
system configuration parameters:
UnixDirectoryCreationModeOnWindowsDefault 0755
UnixFileCreationModeOnWindowsDefault 0644
In previous releases StorNext used per user mode masks. SNFX 1.3 allows one set of values for all users
of each file system.
LDAP Refresh Timeout
Due to the changes in the Windows Active Directory user mappings, services for UNIX can take up to 10
minutes to be propagated to StorNext clients.
User ID Mapping Precedence
If multiple mappings are found for a given Windows user, the following precedence takes place:
• NIS/PCNFSD - If mapping exists
• Fabricated ID's - If configured "on"
• LDAP/RFC 2307 - If defined in Active Directory
• Nobody - If no other mapping found
Note
The default values allow more open access to Windows-created files from
UNIX systems than in previous versions. Administrators can manually change
these values in the file system configuration file on the server or use the
Windows or Web GUI.