NFSv4 with LDAP on Data ONTAP 8.1 (cluster mode)_

June 15, 2012 @20:57
This post has been restored from an archived copy. Links may have changed or be broken.

So NetApp is starting to push Data ONTAP 8.1 running in Cluster Mode as the Next Big Thing in storage technology because among other things is brings scale-out to our already industry-leading storage management technology.

Part of the future is NFSv4, which as I said in an earlier post requires some level of username to uid mapping functionality (though this is actually an option in Data ONTAP 8.1) to work right, so since I'm a Linux geek and I wanted NFSv4 working on my simulator environment I decided to get LDAP working.

It is not nearly as straightforward as it was in 7-mode but it is possible.

  1. Setup the NFSv4 domain to match your current environment:
    piper::*> nfs modify -vserver test-vserver -v4-id-domain localdomain
    piper::*> nfs show -vserver test-vserver -instance
    Vserver: test-vserver
     General NFS Access: true
     RPC GSS Context Cache High Water Mark: 0
     RPC GSS Context Idle: 0
     NFS v2: disabled
     NFS v3: enabled
     NFS v4.0: enabled
     ...snip...
     NFSv4 ID Mapping Domain: localdomain
  1. Create a LDAP client configuration:
    piper::*> vserver services ldap client create -client-config test-ldap -servers 192.168.196.3 -min-bind-level simple -bind-dn cn=nis,dc=ub3rgeek,dc=net -bind-password password -base-dn dc=ub3rgeek,dc=net -user-dn ou=users,dc=ub3rgeek,dc=net -group-dn ou=groups,dc=ub3rgeek,dc=net
    piper::*> vserver services ldap client show -instance
    Client Configuration Name: test-ldap
     LDAP Server List: 192.168.196.3
     Active Directory Domain: -
     Preferred Active Directory Servers: -
     Bind Using the Vserver's CIFS Credentials: false
     Schema Template: RFC-2307
     LDAP Server Port: 389
     Query Timeout (sec): 3
     Minimum Bind Authentication Level: simple
     Bind DN (User): cn=nis,dc=ub3rgeek,dc=net
     Base DN: dc=ub3rgeek,dc=net
     Base Search Scope: subtree
     User DN: ou=users,dc=ub3rgeek,dc=net
     User Search Scope: subtree
     Group DN: ou=groups,dc=ub3rgeek,dc=net
     Group Search Scope: subtree
     Netgroup DN: -
     Netgroup Search Scope: subtree
     1 entry was displayed.

3. Create the LDAP server.

    piper::*> vserver services ldap create -vserver test-vserver -client-config test-ldap
  1. Enable LDAP for NSS lookups on your Vserver
    piper::> vserver modify -vserver test-vserver -ns-switch ldap,file
    piper::*> vserver show -vserver test-vserver -instance

    Vserver: test-vserver
     Vserver Type: cluster
     Vserver UUID: 13e83952-b56d-11e1-b2c3-123478563412
     Root Volume: testvserver
     Aggregate: aggr01_a
     Name Service Switch: ldap, file
     Name Mapping Switch: file
     NIS Domain: -
     Root Volume Security Style: unix
     LDAP Client: internal
     Language: C
     Snapshot Policy: default
     Comment:
     Anti-Virus On-Access Policy: default
     Quota Policy: default
     List of Aggregates Assigned: -
     Limit on Maximum Number of Volumes allowed: unlimited
     Vserver Admin State: running
     Allowed Protocols: nfs
     Disallowed Protocols: cifs, fcp, iscsi
     Protocol Services use Data LIFs: true

Now you should be able to mount your export!

apollo 20:32:34 ~ (2253)$ mount
 ...snip...
192.168.196.14:/piper_test_vol on /mnt type nfs (rw,vers=4,addr=192.168.196.14,clientaddr=192.168.196.7)

And if you look, it should resolve your usernames!

apollo 20:49:12 ~ (2254)$ ls -la /mnt
total 391824
drwxrwxrwx  3 nobody   nogroup      4096 Jun 15 20:00 .
drwxr-xr-x 25 root     root         4096 Mar 23 16:10 ..
-rw-r--r--  1 mernisse users   199805682 Jun 15 19:48 [Taka]_Ano_Hana_10_[480p][B5547A09].mp4
-rw-r--r--  1 mernisse users   199825041 Jun 15 19:38 [Taka]_Ano_Hana_11_[480p][BA5A9A3E].mp4
drwx------  2 mernisse users        4096 Jun 15 19:56 things

GREAT SUCCESS!

I used the following documents to assist me in determining this process:

Subscribe via RSS. Send me a comment.