Hi all

Thanks for the responses so far.

On 31 January 2006 07:38, owner-toasters@mathworks.com wrote:

FWIW Windows 2003 R2 uses the RFC 2307 schema, so the only mappings you need are for homeDirectory and the object classes.

(homeDirectory is necessary owing to the same attribute being used by AD, so R2/Vintela/XAD use unixHomeDirectory instead.)

Hrm...

This isn't a W2k3 R2 setup - noting that most of the work is being done in a dev lab before going to production, so this may change. We're running W2K3 server with Microsoft's SFU3.5 installed. Although it's installed, we're really only using the schema extensions - we shot NIS out of the equation after suffering some terrible map reliability some time ago, and we found that PAM_ldap and nss_ldap worked perfectly for us from a Linux/UNIX workstation & server perspective. We also don't really want to have to use the NFS client, although to be honest this might be looking like one way to proceed. Of which, more if it happens...

Anyway, back on track: After taking note of http://now.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=16619 (login required)

I managed to get rid of one source of error (STATUS_ACCESS_DENIED trying to look up domain groups). However, the username mapping is still not working.

Can someone with LDAP username mapping please post (or email privately) the "options ldap" output as used against an SFU3.5 extended AD schema? I appreciate that Outdoorchik2 has posted one, but any others for comparison would be helpful...

Graeme