We are using Active Directory for LDAP on our Linux clients. I’d like to set up the filer to be able to resolve the usernames both directions but I’m having a couple of issues. Filers are running 7.3.3. I have had this working before at a previous job but I am missing something & the docs are not quite as helpful as I’d like.

1) I can’t get LDAP working at all (getXXbyYY is not working even though I see the filer connecting to the DC on the appropriate port), but I’m missing something.

2) Not all users have rfc2307 information set; ideally I’d use their samaccountname for both (it always matches).

3) I am in a multiforest environment. I’d like to use Global Catalogs for my lookups instead of normal DCs & do it on the GC port so it can retrieve info for any user on my network. This may not be possible, I am not sure.

NIS works fine. If I am not able to get this to work I’m either going to have to script a dump of AD to NIS or use the MS tools to do the same thing and do this with a usermap.cfg. Either possibility is ugly so any suggestions would be appreciated. I’ve tried changing the ldap.minimum_bind_level to simple but it does not appear to help.

 

dr-array02*> options ldap
ldap.ADdomain
ldap.base                    dc=site,dc=company,dc=com
ldap.base.group              dc=site,dc=company,dc=com
ldap.base.netgroup
ldap.base.passwd             dc=site,dc=company,dc=com
ldap.enable                  on
ldap.minimum_bind_level      anonymous
ldap.name                    cn=ldap-auth-proxy,ou=ldap,ou=services,dc=site,dc=company,dc=com
ldap.nssmap.attribute.gecos  gecos
ldap.nssmap.attribute.gidNumber gidNumber
ldap.nssmap.attribute.groupname cn
ldap.nssmap.attribute.homeDirectory unixHomeDirectory
ldap.nssmap.attribute.loginShell loginShell
ldap.nssmap.attribute.memberNisNetgroup memberNisNetgroup
ldap.nssmap.attribute.memberUid memberUid
ldap.nssmap.attribute.netgroupname cn
ldap.nssmap.attribute.nisNetgroupTriple nisNetgroupTriple
ldap.nssmap.attribute.uid    uid
ldap.nssmap.attribute.uidNumber uidNumber
ldap.nssmap.attribute.userPassword userPassword
ldap.nssmap.objectClass.nisNetgroup nisNetgroup
ldap.nssmap.objectClass.posixAccount posixAccount
ldap.nssmap.objectClass.posixGroup posixGroup
ldap.passwd                  ******
ldap.port                    389
ldap.servers                 vm-sitedc01.site.company.com
ldap.servers.preferred
ldap.skip_cn_unescape.enable on
ldap.ssl.enable              off
ldap.timeout                 20
ldap.usermap.attribute.unixaccount uid
ldap.usermap.attribute.windowsaccount sAMAccountName
ldap.usermap.base
ldap.usermap.enable          on

 

 

