Ontap9 and ldap client configuration: Can MemberOf be used to query Unix groups?

Hi all,

A customer has his LDAP servers set up in such a way that Unix groups show up as a MemberOf attribute of each user. Please find an example below. Is it possible to configure the ONTAP 9 LDAP client in a way to make use of this? The queries might be much faster than the conventional way of querying each group and seeing if the user is a member of it.

I've replaced some of the real values in the example with <description>.

---------------------------- begin example ------------------------------

<user>@<ldapclient>:~$ ldapsearch -H ldaps://<ldapserver> -D CN=tuphfphl0-admin3,OU=M,OU=Users,OU=FPH,OU=PH,OU=TU,OU=MWN,DC=ads,DC=mwn,DC=de -b DC=ads,DC=mwn,DC=de -W '(uidnumber=3040169)'
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <DC=ads,DC=mwn,DC=de> with scope subtree
# filter: (uidnumber=3040169)
# requesting: ALL
#

# <user>, Users, TU, IAM, ads.mwn.de
dn: CN=<user>,OU=Users,OU=TU,OU=IAM,DC=ads,DC=mwn,DC=de
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: <user>
sn: <real name>
o: TU
title: Dr.
description:: VGVjaG5pc2NoZSBVbml2ZXJzaXTDpHQgTcO8bmNoZW4=
telephoneNumber: <phone>
givenName: <real name>
distinguishedName: CN=<user>,OU=Users,OU=TU,OU=IAM,DC=ads,DC=mwn,DC=de
instanceType: 4
whenCreated: 20070926203532.0Z
whenChanged: 20170405064129.0Z
displayName: <Real Name>
uSNCreated: 972746
memberOf: CN=TUPHFPHEV-HELIUMLIST,OU=Resources,OU=TU,OU=IAM,DC=ads,DC=mwn,DC=de
memberOf: CN=TUPHFPHGV-0WSTAFFINT,OU=Groups,OU=TU,OU=IAM,DC=ads,DC=mwn,DC=de
memberOf: CN=TUPHFPHZN-ADSREQUEST,OU=Resources,OU=TU,OU=IAM,DC=ads,DC=mwn,DC=de
memberOf: CN=TUPHCOMEV-CIPADMINS,OU=Resources,OU=TU,OU=IAM,DC=ads,DC=mwn,DC=de
memberOf: CN=TU00000EV-NASUSER,OU=Resources,OU=TU,OU=IAM,DC=ads,DC=mwn,DC=de
memberOf: CN=TUZEITHEV-ADMINWIKIC,OU=Resources,OU=TU,OU=IAM,DC=ads,DC=mwn,DC=de
memberOf: CN=TUPHFPHGV-0LRZMASTER,OU=Groups,OU=TU,OU=IAM,DC=ads,DC=mwn,DC=de
memberOf: CN=TUPHCOMGV-0CIPADMINS,OU=Groups,OU=TU,OU=IAM,DC=ads,DC=mwn,DC=de

---------------------------- end example ------------------------------

Best regards

Martin Glora
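
An added example, not part of the original post and not NetApp code: a Python sketch of reading group membership straight from a user entry's memberOf values in ldapsearch LDIF output, including base64 (`::`) values and folded lines. The sample entry is constructed with placeholder names, and the optional filter on the parent OU is an assumption prompted by the post's values sitting under both OU=Groups and OU=Resources.

```python
import base64
import re

# Constructed sample modelled on the ldapsearch output above; every name is
# a placeholder. The last memberOf value is base64-encoded and folded.
_B64_DN = base64.b64encode(
    "CN=GRP-MÜNCHEN,OU=Groups,OU=TU,OU=IAM,DC=example,DC=org".encode()).decode()
SAMPLE_LDIF = (
    "# extended LDIF\n"
    "dn: CN=jdoe,OU=Users,OU=TU,OU=IAM,DC=example,DC=org\n"
    "objectClass: user\n"
    "description:: VGVjaG5pc2NoZSBVbml2ZXJzaXTDpHQgTcO8bmNoZW4=\n"
    "memberOf: CN=GRP-STAFF,OU=Groups,OU=TU,OU=IAM,DC=example,DC=org\n"
    "memberOf: CN=RES-NASUSER,OU=Resources,OU=TU,OU=IAM,DC=example,DC=org\n"
    f"memberOf:: {_B64_DN[:20]}\n {_B64_DN[20:]}\n"
)

def parse_entry(text):
    """Parse one LDIF entry into {lowercased attribute: [values]}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line continues the previous one
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    attrs = {}
    for line in lines:
        name, sep, rest = line.partition(":")
        if not sep or line.startswith("#"):  # skip blank lines and comments
            continue
        if rest.startswith(":"):            # "attr:: value" is base64
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        attrs.setdefault(name.lower(), []).append(value)
    return attrs

def group_names(attrs, ou=None):
    """CNs of the memberOf DNs, optionally only those directly under OU=<ou>."""
    names = []
    for dn in attrs.get("memberof", []):
        rdns = re.split(r"(?<!\\),", dn)    # split on commas that are not escaped
        if not rdns[0].upper().startswith("CN="):
            continue
        if ou and (len(rdns) < 2 or rdns[1].upper() != f"OU={ou}".upper()):
            continue
        names.append(rdns[0][3:])
    return names
```
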