I'm trying to set up group quotas on a qtree. I'm trying to use unix groups that are stored on an ldap server to control who is in each group. Has anyone done this before? Are there any tools available to help me determine that LDAP is set up correctly?
Thanks,
Mike
_______________________________ Do you Yahoo!? Declare Yourself - Register online to vote today! http://vote.yahoo.com
i know you have to install a recent DOT in order to support unix groups over ldap search "ldap limit(ation)" on now.netapp.com
also type "options ldap" to check all possibilities you have here is a sample output from a DOT 6.5.2P6 : <<
ldap.ADdomain ldap.base ldap.base.group ldap.base.passwd ldap.enable off ldap.name ldap.nssmap.attribute.gecos gecos ldap.nssmap.attribute.gidNumber gidNumber ldap.nssmap.attribute.groupname cn ldap.nssmap.attribute.homeDirectory homeDirectory ldap.nssmap.attribute.loginShell loginShell ldap.nssmap.attribute.memberUid memberUid ldap.nssmap.attribute.uid uid ldap.nssmap.attribute.uidNumber uidNumber ldap.nssmap.attribute.userPassword userPassword ldap.nssmap.objectClass.posixAccount posixAccount ldap.nssmap.objectClass.posixGroup posixGroup ldap.passwd ****** ldap.port 389 ldap.servers ldap.servers.preferred ldap.usermap.attribute.unixaccount unixaccount ldap.usermap.attribute.windowsaccount windowsaccount ldap.usermap.base ldap.usermap.enable off ldap.usermap.symmetriclookup yes ldap.usermap.windows-to-unix.attribute sAMAccountName ldap.usermap.windows-to-unix.objectClass posixAccount
Mike Langas wrote:
I'm trying to set up group quotas on a qtree. I'm trying to use unix groups that are stored on an ldap server to control who is in each group. Has anyone done this before? Are there any tools available to help me determine that LDAP is set up correctly?
Thanks,
Mike
_______________________________ Do you Yahoo!? Declare Yourself - Register online to vote today! http://vote.yahoo.com
I'm trying to set up group quotas on a qtree. I'm trying to use unix groups that are stored on an ldap server to control who is in each group. Has anyone done this before? Are there any tools available to help me determine that LDAP is set up correctly?
Are you sure that group quotas are what you want? They may not work like you hope that they do.
In particular, a group quota does not limit the total disk space consumed by all the users who are members of the group.
Each file and directory on a filer has a group attribute. When using Unix style permissions, a file's group is a group id number (GID), which corresponds to the third field in a Unix /etc/group file. You can use the unix command 'ls -l filename' to see what group a file has.
A group quota simply limits the total size of all files that have that particular group attribute. It has nothing to do with the owner of the files.
I don't think that group quotas are particularly useful because users are often members of multiple groups and therefore they can create files with different group attributes. If user X is a member of group A and group B, then X can create a file and set its group to A and that file counts against the group quota for A. But X could create another file and set its group to B and that file counts against the group quota for B. Of course both files count against the user quota for X.
Steve Losen scl@virginia.edu phone: 434-924-0640
University of Virginia ITC Unix Support
-
Mike Langas -
Stephane -
Steve Losen