ONTAP Discussions

Ontap9 and ldap client configuration: Can MemberOf be used to query Unix groups?

ADVUNIMG2

Hi all,

 

A customer has his LDAP servers set up in a way that Unix groups show up as a MemberOf attribute of each user. Please find an example below. Is it possible to configure the ONTAP 9 LDAP client in a way to make use of this? The queries might be much faster than the conventional way of querying each group and seeing if the user is a member of it.

 

I've replaced some of the real values in the example by <description>.

 

---------------------------- begin example ------------------------------

<user>@<ldapclient>:~$ ldapsearch -H ldaps://<ldapserver> -D CN=tuphfphl0-admin3,OU=M,OU=Users,OU=FPH,OU=PH,OU=TU,OU=MWN,DC=ads,DC=mwn,DC=de \
    -b DC=ads,DC=mwn,DC=de -W '(uidnumber=3040169)'
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <DC=ads,DC=mwn,DC=de> with scope subtree
# filter: (uidnumber=3040169)
# requesting: ALL
#

# <user>, Users, TU, IAM, ads.mwn.de
dn: CN=<user>,OU=Users,OU=TU,OU=IAM,DC=ads,DC=mwn,DC=de
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: <user>
sn: <real name>
o: TU
title: Dr.
description:: VGVjaG5pc2NoZSBVbml2ZXJzaXTDpHQgTcO8bmNoZW4=
telephoneNumber: <phone>
givenName: <real name>
distinguishedName: CN=<user>,OU=Users,OU=TU,OU=IAM,DC=ads,DC=mwn,DC=de
instanceType: 4
whenCreated: 20070926203532.0Z
whenChanged: 20170405064129.0Z
displayName: <Real Name>
uSNCreated: 972746
memberOf: CN=TUPHFPHEV-HELIUMLIST,OU=Resources,OU=TU,OU=IAM,DC=ads,DC=mwn,DC=de
memberOf: CN=TUPHFPHGV-0WSTAFFINT,OU=Groups,OU=TU,OU=IAM,DC=ads,DC=mwn,DC=de
memberOf: CN=TUPHFPHZN-ADSREQUEST,OU=Resources,OU=TU,OU=IAM,DC=ads,DC=mwn,DC=de
memberOf: CN=TUPHCOMEV-CIPADMINS,OU=Resources,OU=TU,OU=IAM,DC=ads,DC=mwn,DC=de
memberOf: CN=TU00000EV-NASUSER,OU=Resources,OU=TU,OU=IAM,DC=ads,DC=mwn,DC=de
memberOf: CN=TUZEITHEV-ADMINWIKIC,OU=Resources,OU=TU,OU=IAM,DC=ads,DC=mwn,DC=de
memberOf: CN=TUPHFPHGV-0LRZMASTER,OU=Groups,OU=TU,OU=IAM,DC=ads,DC=mwn,DC=de
memberOf: CN=TUPHCOMGV-0CIPADMINS,OU=Groups,OU=TU,OU=IAM,DC=ads,DC=mwn,DC=de

---------------------------- end example ------------------------------

 

Best regards

Martin Glora
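
The lookup pattern the question describes, as an added example that is not part of the original post and not ONTAP or NetApp code: it parses one user entry from `ldapsearch` output (including folded lines and base64 `::` values), collects the `memberOf` DNs, and builds a single escaped filter that resolves only those groups that also carry a `gidNumber`. The sample entry is constructed from the output above with a placeholder user; the function names and the `objectClass=group` / `gidNumber=*` filter terms are assumptions for an Active Directory style schema.

```python
import base64

# Constructed sample modelled on the ldapsearch output in the post (placeholder user "jdoe").
SAMPLE_LDIF = """\
# jdoe, Users, TU, IAM, ads.mwn.de
dn: CN=jdoe,OU=Users,OU=TU,OU=IAM,DC=ads,DC=mwn,DC=de
cn: jdoe
description:: VGVjaG5pc2NoZSBVbml2ZXJzaXTDpHQgTcO8bmNoZW4=
memberOf: CN=TU00000EV-NASUSER,OU=Resources,OU=TU,OU=IAM,DC=ads,DC=mwn,DC=de
memberOf: CN=TUPHFPHGV-0WSTAFFINT,OU=Groups,OU=TU,
 OU=IAM,DC=ads,DC=mwn,DC=de
"""

def parse_entry(ldif):
    """Parse one LDIF entry into {lowercased attribute: [values]}."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]           # RFC 2849 folded continuation line
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    entry = {}
    for line in lines:
        attr, _, value = line.partition(":")
        if value.startswith(":"):           # "attr:: ..." marks a base64 value
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        entry.setdefault(attr.lower(), []).append(value.strip())
    return entry

def escape_filter(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    out = value.replace("\\", "\\5c")       # backslash first, then the rest
    for ch, esc in (("*", "\\2a"), ("(", "\\28"), (")", "\\29"), ("\0", "\\00")):
        out = out.replace(ch, esc)
    return out

def group_lookup_filter(entry):
    """One filter that resolves every memberOf DN that is also a Unix group."""
    dns = entry.get("memberof", [])
    if not dns:
        return None
    clauses = "".join(f"(distinguishedName={escape_filter(dn)})" for dn in dns)
    # Assumption: AD-style schema where Unix groups carry gidNumber.
    return f"(&(objectClass=group)(gidNumber=*)(|{clauses}))"

if __name__ == "__main__":
    print(group_lookup_filter(parse_entry(SAMPLE_LDIF)))
```

In Active Directory, `memberOf` lists direct memberships only and omits the user's primary group, so a lookup built this way still needs the primary GID from the user entry itself.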
