Many data centers build more advanced file sharing on top of network file systems, which requires validating user account information. If you run Linux systems, you can integrate NetApp storage with LDAP to enhance security.
Most storage access control can be integrated with Microsoft Active Directory authorization, but configuring Lightweight Directory Access Protocol (LDAP) integration for Linux systems is not as easy.
Secure file sharing requires user authorization checks, as do high-level data sharing and archiving projects. If Linux users need access to these shares, the storage device must first be able to identify their Linux user accounts. Besides Active Directory, LDAP integration can also be used, but configuring LDAP is more complex. The good news is that NetApp storage supports integration with LDAP server authentication. Once that is in place, you can set file access on the storage as you would on a local Linux file server.
To start configuring LDAP integration on NetApp storage, use SSH to log on to the storage system's command line. Enter the priv set advanced command, which allows you to set all the necessary security parameters. Next, enter options ldap to view the current settings (you can also do this through the browser-based Web interface):
ams5-fas2240-a*> options ldap
ldap.ADdomain
ldap.base dc=example,dc=com
ldap.base.group
ldap.base.netgroup
ldap.base.passwd
ldap.enable on
ldap.minimum_bind_level anonymous
ldap.name
ldap.nssmap.attribute.gecos gecos
ldap.nssmap.attribute.gidNumber gidNumber
ldap.nssmap.attribute.groupname cn
ldap.nssmap.attribute.homeDirectory homeDirectory
ldap.nssmap.attribute.loginShell loginShell
ldap.nssmap.attribute.memberNisNetgroup memberNisNetgroup
ldap.nssmap.attribute.memberUid memberUid
ldap.nssmap.attribute.netgroupname cn
ldap.nssmap.attribute.nisNetgroupTriple nisNetgroupTriple
ldap.nssmap.attribute.uid uid
ldap.nssmap.attribute.uidNumber uidNumber
ldap.nssmap.attribute.userPassword userPassword
ldap.nssmap.objectClass.nisNetgroup nisNetgroup
ldap.nssmap.objectClass.posixAccount posixAccount
ldap.nssmap.objectClass.posixGroup posixGroup
ldap.passwd ******
ldap.port 389
ldap.servers ut01.example.local
ldap.servers.preferred ut01.example.local
ldap.ssl.enable off
ldap.timeout 20
ldap.usermap.attribute.unixaccount unixaccount
ldap.usermap.attribute.windowsaccount windowsaccount
ldap.usermap.base
ldap.usermap.enable off
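The listing above shows ldap.ssl.enable off, ldap.minimum_bind_level anonymous and an empty ldap.name. The following added example (not part of the original article) parses captured options ldap output and flags those settings; the sample text is constructed from the listing, and the three checks are an assumed review policy.

```python
# Added example: audit captured `options ldap` output from the storage CLI.
# SAMPLE is constructed from the listing on this page; the checks are an assumed policy.
SAMPLE = """\
ams5-fas2240-a*> options ldap
ldap.base                    dc=example,dc=com
ldap.base.group
ldap.enable                  on
ldap.minimum_bind_level      anonymous
ldap.name
ldap.passwd                  ******
ldap.port                    389
ldap.servers                 ut01.example.local
ldap.ssl.enable              off
"""

def parse_options(text):
    """Return {option: value}; options printed without a value map to ''."""
    opts = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if not parts or not parts[0].startswith("ldap."):
            continue  # skip the prompt line and blanks
        opts[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return opts

def audit(opts):
    """Return (option, finding) pairs for settings that weaken the LDAP integration."""
    if opts.get("ldap.enable") != "on":
        return []  # LDAP lookups are disabled, nothing to check
    findings = []
    if opts.get("ldap.ssl.enable") != "on":
        findings.append(("ldap.ssl.enable",
                         "lookups and binds cross the network unencrypted"))
    if opts.get("ldap.minimum_bind_level") == "anonymous":
        findings.append(("ldap.minimum_bind_level",
                         "anonymous binds to the directory are accepted"))
    if not opts.get("ldap.name"):
        # Assumption: an empty ldap.name means no bind account is configured.
        findings.append(("ldap.name",
                         "no bind account set, so queries are unauthenticated"))
    return findings

if __name__ == "__main__":
    for option, finding in audit(parse_options(SAMPLE)):
        print(f"{option}: {finding}")
```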
If any parameter is set incorrectly, you can correct it. For example, use the options ldap.base command to set the correct search base:
ams5-fas2240-a*> options ldap.base dc=commerce-hub,dc=local
After you set the search base with this command, verify that the system can retrieve users from the LDAP directory service. The getXXbyYY command shows how the system resolves the arnaud account:
ams5-fas2240-a*> getXXbyYY getpwbyname_r arnaud
pw_name = arnaud
pw_passwd = {{hu}}}
pw_uid = 1002, pw_gid = 100
pw_gecos =
pw_dir = /home/arnaud
pw_shell = /bin/bash
ams5-fas2240-a*> getXXbyYY getpwbyname_r linda
pw_name = linda
pw_passwd = {{hu}}}
pw_uid = 1001, pw_gid = 100
pw_gecos =
pw_dir = /home/linda
pw_shell = /bin/bash
The user account information stored on the LDAP server has now been validated. Next, make sure that it works properly at all levels by modifying the nsswitch.conf file. This requires read and write access; open the /etc/nsswitch.conf file with the file editor. The file should contain the following lines:
ams5-fas2240-b> wrfile /etc/nsswitch.conf
hosts: files dns nis
passwd: ldap files nis
netgroup: ldap files nis
group: ldap files nis
shadow: files nis
The storage device now has access to user information through the LDAP server. With NetApp storage and LDAP server user authentication integrated, permissions on Network File System (NFS) shares can be controlled properly. You can use the options nfs.v4.acl.enable command to toggle NFSv4 access control lists (ACLs). You can also apply the ACLs from the Linux system to NetApp storage, which makes the storage behave more like a Linux file directory with the appropriate permissions:
ams5-fas2240-b> options nfs.v4.acl.enable on
Changes to the nfs.v4.acl.enable option affect all members of the high-availability configuration in usage mode. Make sure that the changed parameter is consistent across the members of the high-availability pair.
NetApp storage is now fully integrated with the Linux environment, and administrators can use it like a local Linux file system.