Sunday, 16 February 2014

Vserver Name-Mapping versus /etc/usermap.cfg Examples

UPDATE: Some of the mappings below, even though they don't error and are accepted in the Clustershell, they won't work (essentially, mappings with subnet/IP addresses in, do not work in CDOT!)

On the web there is this article Examples of usermap.cfg entries for Data ONTAP (operating in 7-Mode) and I was curious how they’d look in the world of Clustered ONTAP, which leads onto this post...

Firstly, if you scan the contents of the Clustered Data ONTAP 8.2 Commands: Manual Page Reference for the word “mapping”, you’ll find these sections:

vserver cifs domain name-mapping-search (for trusted domains)
vserver group-mapping (for mapping groups to groups)
vserver name-mapping (for mapping users - including user groups)

Here, we’re only interesting in: vserver name-mapping

Note: “Patterns (pattern and replacement field) can be expressed as POSIX regular expressions. For information about regular expressions, see the UNIX reference page for regex” (the following link is a good starting point http://www.unix-manuals.com/refs/regex/regex.htm)

What is a null character in regex? \x00

The /etc/usermap.cfg entries always have the Windows user on the left and UNIX user on the right. No explanation here for what the mappings do - for that there is the original link - I just show how they convert to Clustered ONTAP commands (at least how I think they should - please let me know if you come across any errors).

The Examples

1) "Bob Garj" == bobg

vserver name-mapping create -direction win-unix -pattern "Bob Garj" -replacement bobg -position 1 -vserver SVM
vserver name-mapping create -direction unix-win -pattern bobg -replacement “Bob Garg” -position 2 -vserver SVM

2) mktg\Roy => nobody

vserver name-mapping create -direction win-unix -pattern mktg\Roy -replacement nobody -position 1 -vserver SVM

3) engr\Tom => ""

vserver name-mapping create -direction win-unix -pattern engr\\Tom -replacement \x00 -position 1 -vserver SVM

4) uguest <= *

vserver name-mapping create -direction unix-win -pattern * -replacement uguest -position 1 -vserver SVM

5) *\root => ""

vserver name-mapping create -direction win-unix -pattern *\\root -replacement \x00 -position 1 -vserver SVM

6) corporate\* == pcuser

vserver name-mapping create -direction win-unix -pattern corporate\\* -replacement pcuser -position 1 -vserver SVM

7) Engineer == *

vserver name-mapping create -direction unix-win -pattern * -replacement Engineer -position 1 -vserver SVM

8) homeusers\* == *

vserver name-mapping create -direction win-unix -pattern homeusers\\(.+) -replacement \1 -position 1 -vserver SVM

9) Engineering\* <= sunbox2:*

vserver name-mapping create -direction unix-win -pattern sunbox2:(.+) -replacement Engineering\\\1 -position 1 -vserver SVM

10) Engineering\* <= 192.9.200.70:*

vserver name-mapping create -direction unix-win -pattern 192.9.200.70:(.+) -replacement Engineering\\\1 -position 1 -vserver SVM

11) "" <= 192.9.200.0/24:*

vserver name-mapping create -direction unix-win -pattern 192.9.200.0/24:* -replacement \x00 -position 1 -vserver SVM

12) 192.9.200.0/24:test-dom\* => ""

vserver name-mapping create -direction win-unix -pattern 192.9.200.0/24:test-dom\\* -replacement \x00 -position 1 -vserver SVM

13) *\* == corpnet/255.255.0.0:*

vserver name-mapping create -direction win-unix -pattern *\\(.+) -replacement corpnet/255.255.0.0:\1 -position 1 -vserver SVM
vserver name-mapping create -direction unix-win -pattern corpnet/255.255.0.0:(.+)  -replacement *\\\1 -position 2 -vserver SVM

PS These have not been tested in anger, just tested in the CDOT CLI and there are no syntax errors from any of the above!

PPS It would be interesting if there was a tool to convert “usermap.cfg” to “vserver name-mapping” - perhaps another post...

Image: Name Mapping in OnCommand System Manager

No comments:

Post a Comment