NFSv4 with LDAP on Data ONTAP 8.1 (cluster mode)_

June 15, 2012 @20:57
This post has been restored from an archived copy. Links may have changed or be broken.

So NetApp is starting to push Data ONTAP 8.1 running in Cluster Mode as the Next Big Thing in storage technology because among other things is brings scale-out to our already industry-leading storage management technology.

Part of the future is NFSv4, which as I said in an earlier post requires some level of username to uid mapping functionality (though this is actually an option in Data ONTAP 8.1) to work right, so since I'm a Linux geek and I wanted NFSv4 working on my simulator environment I decided to get LDAP working.

It is not nearly as straightforward as it was in 7-mode but it is possible.

  1. Setup the NFSv4 domain to match your current environment:
        piper::> nfs modify -vserver test-vserver -v4-id-domain localdomain
        piper::> nfs show -vserver test-vserver -instance
        Vserver: test-vserver
         General NFS Access: true
         RPC GSS Context Cache High Water Mark: 0
         RPC GSS Context Idle: 0
         NFS v2: disabled
         NFS v3: enabled
         NFS v4.0: enabled
         ...snip...
         NFSv4 ID Mapping Domain: localdomain
    
  2. Create a LDAP client configuration:
        piper::> vserver services ldap client create -client-config test-ldap -servers 192.168.196.3 -min-bind-level simple -bind-dn cn=nis,dc=ub3rgeek,dc=net -bind-password password -base-dn dc=ub3rgeek,dc=net -user-dn ou=users,dc=ub3rgeek,dc=net -group-dn ou=groups,dc=ub3rgeek,dc=net
        piper::> vserver services ldap client show -instance
        Client Configuration Name: test-ldap
         LDAP Server List: 192.168.196.3
         Active Directory Domain: -
         Preferred Active Directory Servers: -
         Bind Using the Vserver's CIFS Credentials: false
         Schema Template: RFC-2307
         LDAP Server Port: 389
         Query Timeout (sec): 3
         Minimum Bind Authentication Level: simple
         Bind DN (User): cn=nis,dc=ub3rgeek,dc=net
         Base DN: dc=ub3rgeek,dc=net
         Base Search Scope: subtree
         User DN: ou=users,dc=ub3rgeek,dc=net
         User Search Scope: subtree
         Group DN: ou=groups,dc=ub3rgeek,dc=net
         Group Search Scope: subtree
         Netgroup DN: -
         Netgroup Search Scope: subtree
         1 entry was displayed.
    
  3. Create the LDAP server.
        piper::*> vserver services ldap create -vserver test-vserver -client-config test-ldap
    
  4. Enable LDAP for NSS lookups on your Vserver

        piper::> vserver modify -vserver test-vserver -ns-switch ldap,file
        piper::*> vserver show -vserver test-vserver -instance

    Vserver: test-vserver Vserver Type: cluster Vserver UUID: 13e83952-b56d-11e1-b2c3-123478563412 Root Volume: testvserver Aggregate: aggr01_a Name Service Switch: ldap, file Name Mapping Switch: file NIS Domain: - Root Volume Security Style: unix LDAP Client: internal Language: C Snapshot Policy: default Comment: Anti-Virus On-Access Policy: default Quota Policy: default List of Aggregates Assigned: - Limit on Maximum Number of Volumes allowed: unlimited Vserver Admin State: running Allowed Protocols: nfs Disallowed Protocols: cifs, fcp, iscsi Protocol Services use Data LIFs: true

    Now you should be able to mount your export!

apollo 20:32:34 ~ (2253)$ mount
 ...snip...
192.168.196.14:/piper_test_vol on /mnt type nfs (rw,vers=4,addr=192.168.196.14,clientaddr=192.168.196.7)

And if you look, it should resolve your usernames!

apollo 20:49:12 ~ (2254)$ ls -la /mnt
total 391824
drwxrwxrwx  3 nobody   nogroup      4096 Jun 15 20:00 .
drwxr-xr-x 25 root     root         4096 Mar 23 16:10 ..
-rw-r--r--  1 mernisse users   199805682 Jun 15 19:48 [Taka]_Ano_Hana_10_[480p][B5547A09].mp4
-rw-r--r--  1 mernisse users   199825041 Jun 15 19:38 [Taka]_Ano_Hana_11_[480p][BA5A9A3E].mp4
drwx------  2 mernisse users        4096 Jun 15 19:56 things

GREAT SUCCESS!

I used the following documents to assist me in determining this process:

Subscribe via RSS. Send me a comment.