You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Add details: LDAP with extended groups supports NFSv4.1 & NFSv3, supports ADDS & ADDS only, doesn't support OpenLDAP.
Added various tidbits (per input from Mark B.) -
You can use the LDAP with extended groups feature with both NFSv4.1 and NFSv3 volumes.
LDAP with extended groups is supported only with Active Directory Domain Services (ADDS) or Azure Active Directory Domain services (AADDS). OpenLDAP or other third-party LDAP directory services are not supported.
Ensure that you have configured the Active Directory connection settings. A machine account will be created in the organizational unit (OU) that is specified in the Active Directory connection settings. The settings are used by the LDAP client to authenticate with your Active Directory.
Copy file name to clipboardExpand all lines: articles/azure-netapp-files/configure-ldap-extended-groups.md
+8-3Lines changed: 8 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -13,17 +13,19 @@ ms.workload: storage
13
13
ms.tgt_pltfrm: na
14
14
ms.devlang: na
15
15
ms.topic: how-to
16
-
ms.date: 04/08/2021
16
+
ms.date: 04/09/2021
17
17
ms.author: b-juche
18
18
---
19
19
# Configure ADDS LDAP with extended groups for NFS volume access
20
20
21
-
When you [create an NFS volume](azure-netapp-files-create-volumes.md), you have the option to enable the LDAP with extended groups feature (the **LDAP** option) for the volume. This feature enables Active Directory LDAP users and extended groups (up to 1024 groups) to access the volume.
21
+
When you [create an NFS volume](azure-netapp-files-create-volumes.md), you have the option to enable the LDAP with extended groups feature (the **LDAP** option) for the volume. This feature enables Active Directory LDAP users and extended groups (up to 1024 groups) to access the volume. You can use the LDAP with extended groups feature with both NFSv4.1 and NFSv3 volumes.
22
22
23
23
This article explains the considerations and steps for enabling LDAP with extended groups when you create an NFS volume.
24
24
25
25
## Considerations
26
26
27
+
* LDAP with extended groups is supported only with Active Directory Domain Services (ADDS) or Azure Active Directory Domain services (AADDS). OpenLDAP or other third-party LDAP directory services are not supported.
28
+
27
29
* LDAP over TLS must *not* be enabled if you are using Azure Active Directory Domain Services (AADDS).
28
30
29
31
* If you enable the LDAP with extended groups feature, LDAP-enabled [Kerberos volumes](configure-kerberos-encryption.md) will not correctly display the file ownership for LDAP users. A file or directory created by an LDAP user will default to `root` as the owner instead of the actual LDAP user. However, the `root` account can manually change the file ownership by using the command `chown <username> <filename>`.
@@ -64,6 +66,9 @@ This article explains the considerations and steps for enabling LDAP with extend
64
66
65
67
2. LDAP volumes require an Active Directory configuration for LDAP server settings. Follow instructions in [Requirements for Active Directory connections](create-active-directory-connections.md#requirements-for-active-directory-connections) and [Create an Active Directory connection](create-active-directory-connections.md#create-an-active-directory-connection) to configure Active Directory connections on the Azure portal.
66
68
69
+
> [!NOTE]
70
+
> Ensure that you have configured the Active Directory connection settings. A machine account will be created in the organizational unit (OU) that is specified in the Active Directory connection settings. The settings are used by the LDAP client to authenticate with your Active Directory.
71
+
67
72
3. Ensure that the Active Directory LDAP server is up and running on the Active Directory.
68
73
69
74
4. LDAP NFS users need to have certain POSIX attributes on the LDAP server. Set the attributes for LDAP users and LDAP groups as follows:
@@ -77,7 +82,7 @@ This article explains the considerations and steps for enabling LDAP with extend
5. If you want to configure an LDAP-integrated Linux client, see [Configure an NFS client for Azure NetApp Files](configure-nfs-clients.md).
85
+
5. If you want to configure an LDAP-integrated NFSv4.1 Linux client, see [Configure an NFS client for Azure NetApp Files](configure-nfs-clients.md).
81
86
82
87
6. Follow steps in [Create an NFS volume for Azure NetApp Files](azure-netapp-files-create-volumes.md) to create an NFS volume. During the volume creation process, under the **Protocol** tab, enable the **LDAP** option.
0 commit comments