ADIC 1.3 Benutzerhandbuch

Configuring LDAP

The following information describes how to configure the new StorNext LDAP feature in addition to outlining 
recent changes to Windows configuration tools.

Using LDAP

SNFX 1.3 introduces support for Light Directory Access Protocol, or LDAP (RFC 2307). This feature allows 
customers to use Active Directory/LDAP for mapping Windows User ID's (SIDs) to UNIX User ID/Group 
ID's.

As with previous releases, if a Windows user cannot be mapped to a Unix ID, the user is mapped to 

Nobody

. 

SNFX 1.3 allows administrators change the value of 

Nobody

 by using the file system configuration 

parameters:

UnixNobodyUidOnWindows 60003

UnixNobodyGidOnWindows 60004

These parameters are located in the file system configuration file on the server and are manually modified 
by the Xsan Administrator GUI.

Changes to UNIX File & Directory Modes

When a file or directory is created on Windows, the UNIX modes are now controlled by the following file 
system configuration parameters:

UnixDirectoryCreationModeOnWindowsDefault 0755

UnixFileCreationModeOnWindowsDefault 0644

In previous releases StorNext used per user mode masks. SNFX 1.3 allows one set of values for all users 
of each file system. 

LDAP Refresh Timeout

Due to the changes in the Windows Active Directory user mappings, services for UNIX can take up to 10 
minutes to be propagated to StorNext clients.

User ID Mapping Precedence

If multiple mappings are found for a given Windows user, the following precedence takes place:

•

NIS/PCNFSD - If mapping exists

•

Fabricated ID's - If configured "on"

•

LDAP/RFC 2307 - If defined in Active Directory

•

Nobody - If no other mapping found

Note

The default values allow more open access to Windows-created files from 
UNIX systems than in previous versions. Administrators can manually change 
these values in the file system configuration file on the server or use the 
Windows or Web GUI.