Understand name mapping using LDAP in Azure NetApp Files

Name mapping rules with Lightweight Directory Access Protocol (LDAP) can be broken down into two main types: symmetric and asymmetric.

  • Symmetric name mapping is implicit name mapping between UNIX and Windows users who use the same user name. For example, Windows user CONTOSO\user1 maps to UNIX user user1.
  • Asymmetric name mapping is name mapping between UNIX and Windows users who use different user names. For example, Windows user CONTOSO\user1 maps to UNIX user user2.

By default, Azure NetApp Files uses symmetric name mapping rules. If asymmetric name mapping rules are required, consider configuring the LDAP user objects to use them.

Custom name mapping using LDAP

LDAP can be a name mapping resource if the LDAP schema attributes on the LDAP server have been populated. For example, to map UNIX users to corresponding Windows user names that don't match one-to-one (that is, asymmetric), you can specify a different value for uid in the user object than what is configured for the Windows user name.

In the following example, a user has a Windows name of asymmetric and needs to map to a UNIX identity of UNIXuser. To achieve that in Azure NetApp Files, open an instance of the Active Directory Users and Computers MMC. Then, find the desired user and open the properties box. (Doing so requires enabling the Attribute Editor.) Navigate to the Attribute Editor tab and find the UID field, then populate the UID field with the desired UNIX user name UNIXuser and click Add and OK to confirm.

Screenshot that shows the Asymmetric Properties window and Multi-valued String Editor window.

After this action is done, files written from Windows SMB shares by the Windows user asymmetric are owned by UNIXuser from the NFS side.

The following example shows Windows SMB owner asymmetric:

Screenshot that shows Windows SMB owner named Asymmetric.

The following example shows NFS owner UNIXuser (mapped from Windows user asymmetric using LDAP):

root@ubuntu:~# su UNIXuser
UNIXuser@ubuntu:/root$ cd /mnt
UNIXuser@ubuntu:/mnt$ ls -la
total 8
drwxrwxrwx  2 root     root   4096 Jul  3 20:09 .
drwxr-xr-x 21 root     root   4096 Jul  3 20:12 ..
-rwxrwxrwx  1 UNIXuser group1   19 Jul  3 20:10 asymmetric-user-file.txt
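
Because the uid value decides which UNIX identity owns files written over SMB, it is worth reviewing which mappings are populated. The following Python sketch is an added example, not part of the original article and not Azure NetApp Files code; it models the rule as "use uid if populated, otherwise the same name" (a simplifying assumption) and audits constructed sample user objects for mappings to root and for several Windows users resolving to one UNIX name.

```python
from collections import defaultdict

# Constructed sample user objects; attribute names follow Active Directory.
# uid is edited in a multi-valued editor, so it is modelled as a list.
USERS = [
    {"sAMAccountName": "user1", "uid": ["user1"]},          # symmetric
    {"sAMAccountName": "asymmetric", "uid": ["UNIXuser"]},  # the article's example
    {"sAMAccountName": "svc-backup", "uid": ["root"]},      # constructed: privileged target
    {"sAMAccountName": "contractor7", "uid": ["user1"]},    # constructed: collides with user1
]

PRIVILEGED = {"root"}  # assumption: UNIX names that should never be a mapping target


def unix_name(user):
    """Modelled rule (assumption): first uid value if populated, else the same name."""
    uids = user.get("uid") or []
    return uids[0] if uids else user["sAMAccountName"]


def asymmetric_mappings(users):
    """Windows name -> UNIX name for every user whose two names differ."""
    return {u["sAMAccountName"]: unix_name(u)
            for u in users if unix_name(u) != u["sAMAccountName"]}


def audit(users):
    """Return findings as tuples: privileged targets first, then collisions."""
    findings, owners = [], defaultdict(list)
    for u in users:
        win, unix = u["sAMAccountName"], unix_name(u)
        owners[unix].append(win)
        if unix != win and unix in PRIVILEGED:
            findings.append(("privileged-target", win, unix))
    for unix, wins in owners.items():
        if len(wins) > 1:  # several Windows users would own files as one UNIX user
            findings.append(("shared-unix-identity", unix, tuple(sorted(wins))))
    return findings


if __name__ == "__main__":
    for win, unix in asymmetric_mappings(USERS).items():
        print(f"asymmetric: {win} -> {unix}")
    for finding in audit(USERS):
        print("finding:", finding)
```

In practice the input would come from an export of the directory's user objects rather than the inline list used here.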
