Network and Storage Protocols

LDAP and AD on same filer

baijulal
4,489 Views

Can a filer be configured  to have  cifs registered with a windows AD domain and the  filer configured to join another LDAP server?.Do you have a similar config?

Thanks.

5 REPLIES 5

radek_kubka
4,489 Views

Hi,

I am not 100% sure what you are after, but I don't think it is doable - "joining" AD domain is something which always happens in a CIFS service context.

Maybe MultiStore is worth looking at? Each of vFilers can join a separate domain, if it helps.

Regards,
Radek

dearmon
4,489 Views

I believe that the correct way to achieve integration with multiple directory services would be through leveraging a unified/federated login service like Centrify.  That will allow ONE service to control authentication and consult the other service when needed.  One of the problems that I could foresee with joining a filer to an AD domain and also specifying a second LDAP directory service would be conflicts with permissions.  Users with accounts in each of the different directories that have conflicting permissions could cause a security issue (not to mention, there's no mechanism that I'm aware of for the filer to decide which is authoritative).  If a single sign on service isn't an option, then I'd suggest what Radek said above and look at vFilers for this.  You can have one vFiler joined to one domain/LDAP and others joined to different ones and present no issues.  Hope this helps.

Matt

boomer123
4,489 Views

Sorry for the late response, I'm not very often on NOW.

Yes it definitly can.

I have a Metro Cluster and some standalone boxes and all are AD integrated for CIFS and LDAP (openldap on Linux) integrated for NFS. And there is even a facility to map AD users to LDAP users (e.g. globalAadmin@Company.domain <=> sysadmin (uid=1234, gid=4321)) for multi-protocol volumes.

Boomer

1jimpross
4,489 Views

Boomer,

I too have a need for having both AD integration for CIFS and LDAP integration for NFS.

Could you share on how you got the netapp to use both or can you point me to documentation you used?

The CIFS part is easy since cifs setup you tell it to joing AD domain.  However, my question comes in how you tell the NFS side to authenticate with openldap.

Thanks Jim

aborzenkov
4,489 Views

See http://media.netapp.com/documents/tr-3458.pdf for detailed description.

Public