LDAP RFC 2307bis on NetApp Notes

Links:
See:
  • Using Microsoft Active Directory LDAP to Its Full Potential with RFC-2307bis
  • What Is RFC-2307bis?
    • RFC-2307 is the request-for-comments memo entitled “An Approach for Using LDAP as a Network Information Service.” RFC-2307bis is an extension of RFC-2307 and adds support for posixGroups, which enables dynamic lookups for auxiliary/secondary groups using the uniqueMember attribute rather than the memberUid attribute in the LDAP schema. Instead of using just the name of the user for lookups (standard searches filter using the group attribute memberUid=user to crawl the LDAP schema for all groups in which a user is a member), this attribute contains the full distinguished name (DN) of another object in the LDAP database (such as another user or group). These values exist on the user object under the Member attribute. Once the values are queried, their UNIX attributes are returned in subsequent queries. Therefore, groups can have other groups as members, which allows nesting of groups. Support for RFC-2307bis also adds support for the object class groupOfUniqueNames.
  • Best Practices 49: RFC2307bis and Active Directory LDAP
    • If using Windows Active Directory LDAP with Data ONTAP 8.3 and later, consider using RFC-2307bis support because of the natural fit with Active Directory default schema attributes for group memberships. With RFC-2307bis, no additional configuration steps are needed to add users to groups other than simply belonging to a Windows group.
  • Best Practices 50: RFC2307bis and Active Directory Schema
    • ONTAP 9.0 introduces a new built-in schema template for RFC-2307bis environments, specifically with Active Directory in mind. This schema is called MS-AD-BIS and should be used with Microsoft Active Directory LDAP servers whenever possible.
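To make the memberUid-versus-DN difference above concrete, the following is an added example written for these notes; it is not code from the NetApp TR or from ONTAP. It parses a small constructed LDIF directory (hypothetical DNs, uids and gids) and resolves a user's secondary groups both ways: the RFC 2307 way (flat, `memberUid` holding the login name) and the RFC 2307bis way (`member`/`uniqueMember` holding a DN, followed recursively so nested groups count, with a visited set so circular nesting terminates). It also builds the two search filters a client would send, with RFC 4515 escaping so a crafted login name or DN cannot rewrite the filter. The sample directory deliberately nests a group inside a group and includes a cycle, because that is where the two models diverge.

```python
"""Added illustration (not from the NetApp TR or this page): RFC 2307 vs RFC 2307bis
group resolution over a constructed directory. DNs, names and IDs are hypothetical."""
from collections import deque

# Constructed sample directory. nfs-admins lists jdoe both ways; storage-ops nests
# nfs-admins; oncall nests storage-ops and storage-ops nests oncall (a cycle).
SAMPLE_LDIF = """\
dn: CN=jdoe,OU=Users,DC=example,DC=test
objectClass: user
objectClass: posixAccount
uid: jdoe
uidNumber: 10001
gidNumber: 20001

dn: CN=nfs-admins,OU=Groups,DC=example,DC=test
objectClass: group
objectClass: posixGroup
cn: nfs-admins
gidNumber: 20010
memberUid: jdoe
member: CN=jdoe,OU=Users,DC=example,DC=test

dn: CN=storage-ops,OU=Groups,DC=example,DC=test
objectClass: group
objectClass: posixGroup
cn: storage-ops
gidNumber: 20020
member: CN=nfs-admins,OU=Groups,DC=example,DC=test
member: CN=oncall,OU=Groups,DC=example,DC=test

dn: CN=oncall,OU=Groups,DC=example,DC=test
objectClass: group
objectClass: posixGroup
cn: oncall
gidNumber: 20030
member: CN=storage-ops,OU=Groups,DC=example,DC=test
"""


def parse_ldif(text):
    """Minimal LDIF reader: blank-line separated entries of 'attr: value' lines.
    Attribute names are lower-cased (LDAP attribute types are case-insensitive).
    No base64 '::' values or line folding; enough for the constructed sample."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            key, _, value = line.partition(": ")
            attrs.setdefault(key.lower(), []).append(value)
        entries[attrs.pop("dn")[0]] = attrs
    return entries


def _norm_dn(dn):
    """DNs compare case-insensitively; this also strips space around RDN separators.
    Real code should use an LDAP library's DN parser rather than this shortcut."""
    return ",".join(part.strip() for part in dn.split(",")).lower()


def escape_filter_value(value):
    """RFC 4515 escaping for a value placed in a search filter. Without it a login
    name such as 'jdoe)(uid=*' rewrites the filter (LDAP filter injection)."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\0" else ch for ch in value)


def rfc2307_filter(uid):
    """Filter for the flat model: groups naming the login in memberUid."""
    return "(&(objectClass=posixGroup)(memberUid=%s))" % escape_filter_value(uid)


def rfc2307bis_filter(dn):
    """Filter for the DN model: groups naming the object's DN (member in AD,
    uniqueMember in groupOfUniqueNames). Repeated per group found for nesting."""
    e = escape_filter_value(dn)
    return "(&(objectClass=posixGroup)(|(member=%s)(uniqueMember=%s)))" % (e, e)


def groups_rfc2307(entries, uid):
    """Flat lookup: gidNumbers of posixGroups whose memberUid lists the login name."""
    gids = []
    for attrs in entries.values():
        classes = [c.lower() for c in attrs.get("objectclass", [])]
        if "posixgroup" in classes and uid in attrs.get("memberuid", []):
            gids.append(int(attrs["gidnumber"][0]))
    return sorted(gids)


def groups_rfc2307bis(entries, user_dn):
    """DN lookup with nesting: groups listing the user's DN, then groups listing
    those groups, and so on. Returns {cn: gidNumber}; 'seen' stops cycles."""
    gids = {}
    start = _norm_dn(user_dn)
    queue, seen = deque([start]), {start}
    while queue:
        target = queue.popleft()
        for dn, attrs in entries.items():
            members = attrs.get("member", []) + attrs.get("uniquemember", [])
            if target not in {_norm_dn(m) for m in members}:
                continue
            key = _norm_dn(dn)
            if key in seen:          # already expanded, or a cycle: skip
                continue
            seen.add(key)
            gids[attrs["cn"][0]] = int(attrs["gidnumber"][0])
            queue.append(key)
    return gids


if __name__ == "__main__":
    d = parse_ldif(SAMPLE_LDIF)
    user = "CN=jdoe,OU=Users,DC=example,DC=test"
    print(rfc2307_filter("jdoe"), groups_rfc2307(d, "jdoe"))
    print(rfc2307bis_filter(user), groups_rfc2307bis(d, user))
```

Run as-is: the flat lookup returns only nfs-admins (gid 20010), while the DN-based lookup also returns storage-ops and oncall through nesting, and the storage-ops/oncall cycle ends because each group is expanded once. That is the practical consequence of the TR's point: with RFC 2307bis a user inherits a UNIX gid, and therefore NFS export and file-permission rights, from any group that nests a group they belong to, so group nesting in AD needs the same review as direct membership. Against Active Directory the nesting can be pushed to the server with the LDAP_MATCHING_RULE_IN_CHAIN rule (`member:1.2.840.113556.1.4.1941:=<DN>`), which returns the transitive closure in one query.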
And non-deprecated sources:
Also search for RFC2307bis in kb.netapp.com.

Image: RFC 2307 LDAP Schema Template
