
I have recently been re-architecting my home network, and one of the big transitions has been a move back to NFS home directories across my Linux systems. Years ago I used NFSv3 shares for this, but now that modern Linux systems (I am running mostly Debian 6.0 (squeeze)) support the more secure, performant and robust NFS version 4, I have standardized on that. Thanks to my use of nss_ldap for user authentication it has been pretty straightforward, but there have been a couple of interesting gotchas.
I have a NetApp FAS2020 which I am currently using while I re-arrange my VM server's RAID array, and I have been syncing data to an NFSv4 share on the filer using rsync(8). One of the interesting things is that NFSv4 no longer puts numeric UIDs/GIDs on the wire; instead it transmits textual owner and group strings and relies on the receiving host's getpwnam() family of functions to translate them into numeric values for the underlying file system. Thankfully Data ONTAP can use LDAP for those lookups in much the same way modern Linux hosts do[1].
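Here is an added example (my own, not code from this post or from NetApp) that models the owner mapping just described: a small script that takes the name@domain strings NFSv4 puts on the wire and resolves them the way getpwnam()/getgrnam() would, using constructed passwd and group tables in place of a real LDAP lookup. The idmap domain, the tables and the sample file list are all assumptions; the nobody fallback is how the Linux idmapper behaves when a name cannot be resolved, and the filer side is modelled the same way. The useful part is the audit function, which shows which files would quietly land as nobody on the far side because a name is missing from LDAP or the domain part does not match.

```python
import re
from typing import Dict, List, NamedTuple, Tuple

# Assumed NFSv4 idmap domain; on Linux this is what rpc.idmapd reads from
# /etc/idmapd.conf, and every client and server must agree on it.
NFS4_DOMAIN = "ub3rgeek.net"

# Constructed name-service tables standing in for what getpwnam()/getgrnam()
# return once nss_ldap (Linux) or ldap.nssmap (Data ONTAP) has queried LDAP.
PASSWD: Dict[str, int] = {"alice": 10001, "bob": 10002}
GROUP: Dict[str, int] = {"users": 10000, "staff": 10010}

# Fallback used by the Linux idmapper when a name cannot be resolved; the
# filer side is assumed to degrade the same way in this model.
NOBODY_UID = 65534
NOBODY_GID = 65534

OWNER_RE = re.compile(r"^([^@]+)@([^@]+)$")


class IdMapResult(NamedTuple):
    numeric_id: int
    status: str  # "ok", "malformed", "bad-domain" or "unknown-name"


def map_name(wire_name: str, table: Dict[str, int], fallback: int,
             domain: str = NFS4_DOMAIN) -> IdMapResult:
    """Resolve one NFSv4 "name@domain" string to a numeric id.

    Mirrors the three ways the lookup fails in practice: the string is not
    in name@domain form, the domain part does not match the local idmap
    domain, or the name is unknown to the local name service.  Every
    failure degrades to the anonymous fallback id, which is what makes the
    problem easy to miss after a large rsync.
    """
    match = OWNER_RE.match(wire_name)
    if match is None:
        return IdMapResult(fallback, "malformed")
    name, dom = match.groups()
    # Domains are compared case-insensitively here (a modelling choice).
    if dom.lower() != domain.lower():
        return IdMapResult(fallback, "bad-domain")
    numeric = table.get(name)
    if numeric is None:
        return IdMapResult(fallback, "unknown-name")
    return IdMapResult(numeric, "ok")


def map_uid(owner: str) -> IdMapResult:
    return map_name(owner, PASSWD, NOBODY_UID)


def map_gid(group: str) -> IdMapResult:
    return map_name(group, GROUP, NOBODY_GID)


def audit(entries: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str]]:
    """Return (path, owner-status, group-status) for every entry whose
    ownership would not survive the copy intact."""
    problems = []
    for path, owner, group in entries:
        u, g = map_uid(owner), map_gid(group)
        if u.status != "ok" or g.status != "ok":
            problems.append((path, u.status, g.status))
    return problems


# Constructed sample of the ownership an rsync would try to set on the filer.
SAMPLE_ENTRIES = [
    ("/vol/home/alice/.bashrc", "alice@ub3rgeek.net", "users@ub3rgeek.net"),
    ("/vol/home/bob/notes", "bob@UB3RGEEK.NET", "staff@ub3rgeek.net"),
    ("/vol/home/carol/data", "carol@ub3rgeek.net", "users@ub3rgeek.net"),
    ("/vol/home/alice/old", "alice@localdomain", "users@ub3rgeek.net"),
]

if __name__ == "__main__":
    for path, owner_status, group_status in audit(SAMPLE_ENTRIES):
        print(f"{path}: owner={owner_status} group={group_status}")
```

Running it on the constructed sample flags carol's directory (no such user in the tables, i.e. missing from LDAP) and the file whose owner carries a different domain; both would end up owned by nobody on the receiving side, which is the check worth running against a real listing before trusting a migration.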
I am running Data ONTAP 7.3.6 and my LDAP configuration looks like this:
toaster*> options ldap
ldap.ADdomain
ldap.base dc=ub3rgeek,dc=net
ldap.base.group ou=groups,dc=ub3rgeek,dc=net
ldap.base.netgroup
ldap.base.passwd ou=users,dc=ub3rgeek,dc=net
ldap.enable on
ldap.minimum_bind_level anonymous
ldap.name xxxxxx
ldap.nssmap.attribute.gecos gecos
ldap.nssmap.attribute.gidNumber gidNumber
ldap.nssmap.attribute.groupname cn
ldap.nssmap.attribute.homeDirectory homeDirectory
ldap.nssmap.attribute.loginShell loginShell
ldap.nssmap.attribute.memberNisNetgroup memberNisNetgroup
ldap.nssmap.attribute.memberUid memberUid
ldap.nssmap.attribute.netgroupname cn
ldap.nssmap.attribute.nisNetgroupTriple nisNetgroupTriple
ldap.nssmap.attribute.uid uid
ldap.nssmap.attribute.uidNumber uidNumber
ldap.nssmap.attribute.userPassword userPassword
ldap.nssmap.objectClass.nisNetgroup nisNetgroup
ldap.nssmap.objectClass.posixAccount posixAccount
ldap.nssmap.objectClass.posixGroup posixGroup
ldap.passwd ******
ldap.port 389
ldap.servers ldap.internal.ub3rgeek.net
ldap.servers.preferred
ldap.ssl.enable off
ldap.timeout 20
ldap.usermap.attribute.unixaccount unixaccount
ldap.usermap.attribute.windowsaccount windowsaccount
ldap.usermap.base
ldap.usermap.enable on
This basically mirrors my nss_ldap configuration, and it has allowed me to easily copy my RAID array over to the filer so that I can wipe and rebuild the underlying RAID layer.