Re: [nfsv4] Name Mappings for NFSv4 in Active Directory

Nicolas Williams <Nicolas.Williams@sun.com> Wed, 08 October 2003 22:13 UTC

From: Nicolas Williams <Nicolas.Williams@sun.com>
To: "Wachdorf, Daniel R" <drwachd@sandia.gov>
Cc: nfsv4@ietf.org
Subject: Re: [nfsv4] Name Mappings for NFSv4 in Active Directory
Message-ID: <20031008220849.GY17088@binky.central.sun.com>
Mail-Followup-To: "Wachdorf, Daniel R" <drwachd@sandia.gov>, nfsv4@ietf.org
References: <AC89BDA1E3CCBC42B9CA5B50FE7934D3032D08F4@es10snlnt.sandia.gov>
In-Reply-To: <AC89BDA1E3CCBC42B9CA5B50FE7934D3032D08F4@es10snlnt.sandia.gov>
Date: Wed, 08 Oct 2003 15:08:49 -0700

On Wed, Oct 08, 2003 at 04:03:40PM -0600, Wachdorf, Daniel R wrote:
> I have seen that.  This document describes a way of providing that same
> functionality (minus the communication piece) by placing this in Active
> Directory.
> This would allow:
> 	- foreign security principals to have group information associated
> 	  with them.  You could add a foreign security principal into a local
> 	  Active Directory group.

My draft does not address this one feature, but that's because the issue
is somewhat orthogonal to the mapping strategy itself - once you've
mapped foreign users you can make them members of groups in your domain
(yes, there are other details).

> 	- provides long term storage for a mapping of UID/GID to NFSv4 names.
> 	  This is useful if file systems are replicated, or written to long-term
> 	  backup mechanisms.
> 	- on-the-fly creation of UIDs/GIDs (they would have to be synchronized
> 	  with the directory service).

Sounds good to me so far.

Of course, I'm interested in a solution that is not specific to
ActiveDirectory.

Besides that I'm curious as to how you address foreign domain user and
group name changes.  I solve the problem by making the permanent index
to foreign mappings be the tuple

{internal ID at foreign domain, foreign domain}

while counting on internal IDs not being reused without fair warning.


As an optimization my draft also allows for caching

user/group@domain <-> {foreign internal ID, foreign domain}

mappings for as long as a given name's foreign domain guarantees that a
name won't be reused.  I.e., if "jane@foobar.com" is renamed
"jane.doe@foobar.com" then the old name ("jane@foobar.com") won't be
re-used for X amount of time, which time is the max for which we can
cache the "jane@foobar.com" mapping.


Nico
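The mapping strategy sketched above, worked through in code (this is an added
illustration, not code from Nico's draft or from either poster): the permanent
key is {foreign internal ID, foreign domain}, the user@domain name is only a
cache, and a rename such as jane@foobar.com -> jane.doe@foobar.com keeps the
same local UID while the old name stays resolvable only for the reuse-guard
window. The class, method names and the per-domain TTL table are assumptions;
the foreign IDs and domain are constructed sample data.

```python
import time
from dataclasses import dataclass, field


@dataclass
class ForeignIdMapper:
    """Hypothetical mapper from foreign principals to local UIDs/GIDs.

    Permanent index: (foreign internal ID, foreign domain) -> local ID.
    Name cache:      "user@domain" -> (permanent key, expiry), kept no longer
                     than the foreign domain promises not to reuse a name.
    """
    name_reuse_guard: dict = field(default_factory=dict)  # domain -> seconds
    next_local_id: int = 100000                           # first local UID/GID
    _permanent: dict = field(default_factory=dict)
    _name_cache: dict = field(default_factory=dict)

    def map_principal(self, foreign_id, domain, name, now=None):
        """Return the local ID for a foreign principal, allocating on first sight.

        A rename changes `name` but not `foreign_id`, so the local ID is stable."""
        now = time.time() if now is None else now
        key = (foreign_id, domain)
        if key not in self._permanent:
            self._permanent[key] = self.next_local_id
            self.next_local_id += 1
        ttl = self.name_reuse_guard.get(domain, 0)  # no guarantee -> no caching
        self._name_cache[f"{name}@{domain}"] = (key, now + ttl)
        return self._permanent[key]

    def lookup_name(self, nfs4_name, now=None):
        """Resolve 'user@domain' from the cache; None once the guard window ends."""
        now = time.time() if now is None else now
        entry = self._name_cache.get(nfs4_name)
        if entry is None:
            return None
        key, expiry = entry
        if now >= expiry:            # the foreign domain may reuse the name now
            del self._name_cache[nfs4_name]
            return None
        return self._permanent[key]


def rename_scenario():
    """Constructed data: foobar.com guarantees 3600 s before reusing a name."""
    m = ForeignIdMapper(name_reuse_guard={"foobar.com": 3600})
    uid_before = m.map_principal("fid-1105", "foobar.com", "jane", now=0)
    uid_after = m.map_principal("fid-1105", "foobar.com", "jane.doe", now=10)
    old_in_window = m.lookup_name("jane@foobar.com", now=100)    # still cached
    old_expired = m.lookup_name("jane@foobar.com", now=3601)     # guard is over
    new_name = m.lookup_name("jane.doe@foobar.com", now=3601)    # valid until 3610
    return uid_before, uid_after, old_in_window, old_expired, new_name
```

Running `rename_scenario()` shows the two names resolving to the same local ID and the old name dropping out of the cache exactly when the foreign domain's reuse guarantee lapses.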