Project

General

Profile

Feature #10990

Updated by Gordon Ross over 2 years ago

RFC2307 (https://www.ietf.org/rfc/rfc2307.txt) defines the expected fields within LDAP that should be present to allow UNIX systems to use LDAP as a naming service. This is a well documented and accepted RFC for UNIX and Storage vendors alike. 

 These extensions are typically added into Active Directory by installing IDMU on the Windows DC and are commonly used in the field to facilitate Windows to Unix mapping of users and groups as well as being required to workaround the 16-group NFS limitation as outlined in http://www.xkyle.com/solving-the-nfs-16-group-limit-problem/ and NEX-1974. 

 Certain customer environments may not have fully implemented RFC2307 for historical reasons and instead rely on 3rd party software (Vintela or Centrify) for bridging the gap and allowing UNIX/Linux to use Active Directory to provide User and Group membership. 

 The end result of this is that certain fields may be missing or named differently or contain different information. For renamed fields this can be worked around by setting the attributemap option to the ldapclient command. Missing fields are far more problematic. 

Back