We are using Active Directory for LDAP on our Linux clients. I'd like to set up the filer to be able to resolve the usernames in both directions, but I'm having a couple of issues. Filers are running 7.3.3. I have had this working before at a previous job, but I am missing something & the docs are not quite as helpful as I'd like.
1) I can't get LDAP working at all (getXXbyYY is not working even though I see the filer connecting to the DC on the appropriate port), but I'm missing something.
2) Not all users have RFC 2307 information set; ideally I'd use their sAMAccountName for both (it always matches).
3) I am in a multiforest environment. I'd like to use Global Catalogs for my lookups instead of normal DCs & do it on the GC port so it can retrieve info for any user on my network. This may not be possible, I am not sure.
NIS works fine. If I am not able to get this to work, I'm either going to have to script a dump of AD to NIS or use the MS tools to do the same thing and do this with a usermap.cfg. Either possibility is ugly, so any suggestions would be appreciated. I've tried changing the ldap.minimum_bind_level to simple but it does not appear to help.
dr-array02*> options ldap
ldap.ADdomain
ldap.base dc=site,dc=company,dc=com
ldap.base.group dc=site,dc=company,dc=com
ldap.base.netgroup
ldap.base.passwd dc=site,dc=company,dc=com
ldap.enable on
ldap.minimum_bind_level anonymous
ldap.name cn=ldap-auth-proxy,ou=ldap,ou=services,dc=site,dc=company,dc=com
ldap.nssmap.attribute.gecos gecos
ldap.nssmap.attribute.gidNumber gidNumber
ldap.nssmap.attribute.groupname cn
ldap.nssmap.attribute.homeDirectory unixHomeDirectory
ldap.nssmap.attribute.loginShell loginShell
ldap.nssmap.attribute.memberNisNetgroup memberNisNetgroup
ldap.nssmap.attribute.memberUid memberUid
ldap.nssmap.attribute.netgroupname cn
ldap.nssmap.attribute.nisNetgroupTriple nisNetgroupTriple
ldap.nssmap.attribute.uid uid
ldap.nssmap.attribute.uidNumber uidNumber
ldap.nssmap.attribute.userPassword userPassword
ldap.nssmap.objectClass.nisNetgroup nisNetgroup
ldap.nssmap.objectClass.posixAccount posixAccount
ldap.nssmap.objectClass.posixGroup posixGroup
ldap.passwd ******
ldap.port 389
ldap.servers vm-sitedc01.site.company.com
ldap.servers.preferred
ldap.skip_cn_unescape.enable on
ldap.ssl.enable off
ldap.timeout 20
ldap.usermap.attribute.unixaccount uid
ldap.usermap.attribute.windowsaccount sAMAccountName
ldap.usermap.base
ldap.usermap.enable on