Skip to main content
NetApp Knowledge Base

How does LDAP name-mapping work?

Views:
895
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
nas
Last Updated:

Applies to

  • ONTAP 9
  • LDAP
  • name-mapping

Answer

  • ONTAP 9 uses an ns-switch database to determine how to process name-mapping
  • For user lookups or symmetric name-mapping, LDAP should be specified as a source for passwd and group
    • This enables implicit mapping to utilize LDAP
    • Windows users are mapped 1-to-1 by their username, eg "user1" is unix user "user1"
    • LDAP is only queried to verify "user1" exists, and if so, the unix account attributes and unix group memberships
    • LDAP should not be specified as a source for namemap for this usecase
  • If asymmetric name-mapping is needed, LDAP can be configured to handle this
    • This can serve as a replacement for the "vserver name-mapping" rules used for win-unix or unix-win explicit mapping
    • The LDAP client schema in ONTAP specifies which attributes to query to identify a corresponding unix or Windows user account
    • Attributes must be defined for Windows and Unix users
    • LDAP should be specified as a source for namemap for this usecase
    • See TR-4835 Use of LDAP to serve name mapping rules for more information

 

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.