
So NetApp is starting to push Data ONTAP 8.1 running in Cluster Mode as the Next Big Thing in storage technology because, among other things, it brings scale-out to our already industry-leading storage management technology.
Part of the future is NFSv4, which, as I said in an earlier post, requires some level of username-to-UID mapping functionality to work right (though this is actually an option in Data ONTAP 8.1). Since I'm a Linux geek and wanted NFSv4 working in my simulator environment, I decided to get LDAP working.
It is not nearly as straightforward as it was in 7-mode, but it is possible.
1. Set up the NFSv4 domain to match your current environment:
piper::*> nfs modify -vserver test-vserver -v4-id-domain localdomain
piper::*> nfs show -vserver test-vserver -instance
Vserver: test-vserver
General NFS Access: true
RPC GSS Context Cache High Water Mark: 0
RPC GSS Context Idle: 0
NFS v2: disabled
NFS v3: enabled
NFS v4.0: enabled
...snip...
NFSv4 ID Mapping Domain: localdomain
2. Create an LDAP client configuration:
piper::*> vserver services ldap client create -client-config test-ldap -servers 192.168.196.3 -min-bind-level simple -bind-dn cn=nis,dc=ub3rgeek,dc=net -bind-password password -base-dn dc=ub3rgeek,dc=net -user-dn ou=users,dc=ub3rgeek,dc=net -group-dn ou=groups,dc=ub3rgeek,dc=net
piper::*> vserver services ldap client show -instance
Client Configuration Name: test-ldap
LDAP Server List: 192.168.196.3
Active Directory Domain: -
Preferred Active Directory Servers: -
Bind Using the Vserver's CIFS Credentials: false
Schema Template: RFC-2307
LDAP Server Port: 389
Query Timeout (sec): 3
Minimum Bind Authentication Level: simple
Bind DN (User): cn=nis,dc=ub3rgeek,dc=net
Base DN: dc=ub3rgeek,dc=net
Base Search Scope: subtree
User DN: ou=users,dc=ub3rgeek,dc=net
User Search Scope: subtree
Group DN: ou=groups,dc=ub3rgeek,dc=net
Group Search Scope: subtree
Netgroup DN: -
Netgroup Search Scope: subtree
1 entry was displayed.
3. Create the LDAP server:
piper::*> vserver services ldap create -vserver test-vserver -client-config test-ldap
4. Enable LDAP for NSS lookups on your Vserver:
piper::> vserver modify -vserver test-vserver -ns-switch ldap,file
piper::*> vserver show -vserver test-vserver -instance
Vserver: test-vserver
Vserver Type: cluster
Vserver UUID: 13e83952-b56d-11e1-b2c3-123478563412
Root Volume: testvserver
Aggregate: aggr01_a
Name Service Switch: ldap, file
Name Mapping Switch: file
NIS Domain: -
Root Volume Security Style: unix
LDAP Client: internal
Language: C
Snapshot Policy: default
Comment:
Anti-Virus On-Access Policy: default
Quota Policy: default
List of Aggregates Assigned: -
Limit on Maximum Number of Volumes allowed: unlimited
Vserver Admin State: running
Allowed Protocols: nfs
Disallowed Protocols: cifs, fcp, iscsi
Protocol Services use Data LIFs: true
Now you should be able to mount your export!
apollo 20:32:34 ~ (2253)$ mount
...snip...
192.168.196.14:/piper_test_vol on /mnt type nfs (rw,vers=4,addr=192.168.196.14,clientaddr=192.168.196.7)
And if you look, it should resolve your usernames!
apollo 20:49:12 ~ (2254)$ ls -la /mnt
total 391824
drwxrwxrwx 3 nobody nogroup 4096 Jun 15 20:00 .
drwxr-xr-x 25 root root 4096 Mar 23 16:10 ..
-rw-r--r-- 1 mernisse users 199805682 Jun 15 19:48 [Taka]_Ano_Hana_10_[480p][B5547A09].mp4
-rw-r--r-- 1 mernisse users 199825041 Jun 15 19:38 [Taka]_Ano_Hana_11_[480p][BA5A9A3E].mp4
drwx------ 2 mernisse users 4096 Jun 15 19:56 things
GREAT SUCCESS!
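To re-check the settings from the steps above after the fact, here is an added example (not from the original post and not a NetApp tool) that parses the `-instance` output and flags three conditions: an NFSv4 ID domain that differs from the client's idmapd `Domain`, LDAP missing from the name service switch, and a simple bind on port 389. The `/etc/idmapd.conf` content is a constructed sample, and the function names are hypothetical.

```python
import re

# Abridged from the page's `... show -instance` output.
NFS_SHOW = "NFS v4.0: enabled\nNFSv4 ID Mapping Domain: localdomain\n"
LDAP_CLIENT_SHOW = """\
Client Configuration Name: test-ldap
LDAP Server Port: 389
Minimum Bind Authentication Level: simple
Bind DN (User): cn=nis,dc=ub3rgeek,dc=net
"""
VSERVER_SHOW = "Vserver: test-vserver\nName Service Switch: ldap, file\nComment:\n"
# Constructed sample of the Linux client's /etc/idmapd.conf (not from the page).
IDMAPD_CONF = "[General]\n# Domain = example.com\nDomain = localdomain\n"

def parse_instance(text):
    """Turn 'Field Name: value' lines of -instance output into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(": ")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def idmapd_domain(conf):
    """Return the uncommented Domain setting from idmapd.conf text, or None."""
    m = re.search(r"^[ \t]*Domain[ \t]*=[ \t]*(\S+)", conf, re.M | re.I)
    return m.group(1) if m else None

def audit(nfs, ldap, vserver, client_domain):
    """Return a list of findings; an empty list means all three checks passed."""
    findings = []
    filer_domain = nfs.get("NFSv4 ID Mapping Domain", "")
    # Both ends must agree on the domain part of user@domain owner strings.
    if filer_domain.lower() != (client_domain or "").lower():
        findings.append(f"id-domain mismatch: filer={filer_domain!r} client={client_domain!r}")
    switch = [s.strip() for s in vserver.get("Name Service Switch", "").split(",")]
    if "ldap" not in switch:
        findings.append("ldap missing from Name Service Switch")
    # A simple bind carries the password itself; port 389 is LDAP without TLS by default.
    if (ldap.get("Minimum Bind Authentication Level") == "simple"
            and ldap.get("LDAP Server Port") == "389"):
        findings.append("simple bind on port 389: bind password unencrypted unless TLS is added")
    return findings

if __name__ == "__main__":
    for f in audit(parse_instance(NFS_SHOW), parse_instance(LDAP_CLIENT_SHOW),
                   parse_instance(VSERVER_SHOW), idmapd_domain(IDMAPD_CONF)):
        print("FINDING:", f)
```

With the values from this post, the only finding is the simple bind on port 389; a domain mismatch is the case where owners show up as `nobody`/`nogroup` on the client.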
I used the following documents to assist me in determining this process: