APIs in Category: name-mapping
Cluster-Mode API version 1.15
This set of APIs is used to manage name mappings between Kerberos users, Windows users and UNIX users. The name-mapping-unix-user APIs are used to manage local UNIX users. The name-mapping-unix-group APIs are used to manage local UNIX groups. When an NFS client wishes to access a file having NTFS-style permissions, a name-mapping rule is applied to determine the Windows user that maps to the NFS client user under consideration. When a CIFS client wishes to access a file having UNIX-style permissions, a name-mapping rule is applied to determine the UNIX user that maps to the CIFS user under consideration. When neither NIS nor LDAP is configured, credentials for the mapped UNIX user are obtained from the local database created using the name-mapping-unix-user and name-mapping-unix-group APIs.

name-mapping-get-iter

Retrieve the list of name mappings in the cluster.

Input:

| Name | Range | Type | Description |
|---|---|---|---|
| desired-attributes | | name-mapping-info, optional | Specify the attributes that should be returned. If not present, all attributes for which information is available will be returned. If present, only the desired attributes for which information is available will be returned. |
| max-records | [1..100] | integer, optional | The maximum number of records to return in this call. Default: 20 |
| query | | name-mapping-info, optional | A query that specifies which objects to return. A query could be specified on any number of attributes in the name-mapping object. All name-mapping objects matching this query up to 'max-records' will be returned. |
| tag | | string, optional | Specify the tag from the last call. It is usually not specified for the first call. For subsequent calls, copy values from the 'next-tag' obtained from the previous call. |

Output:

| Name | Range | Type | Description |
|---|---|---|---|
| attributes-list | | name-mapping-info[], optional | The list of attributes of name-mapping objects. |
| next-tag | | string, optional | Tag for the next call. Not present when there are no more name-mapping objects to return. |
| num-records | [0..100] | integer | The number of records returned in this call. |

Errno: EINTERNALERROR

name-mapping-unix-group-get-iter

Iterate over a list of UNIX groups.

Input:

| Name | Range | Type | Description |
|---|---|---|---|
| desired-attributes | | unix-group-info, optional | Specify the attributes that should be returned. If not present, all attributes for which information is available will be returned. If present, only the desired attributes for which information is available will be returned. |
| max-records | [1..100] | integer, optional | The maximum number of records to return in this call. Default: 20 |
| query | | unix-group-info, optional | A query that specifies which objects to return. A query could be specified on any number of attributes in the UNIX group information object. All UNIX group information objects matching this query up to 'max-records' will be returned. |
| tag | | string, optional | Specify the tag from the last call. It is usually not specified for the first call. For subsequent calls, copy values from the 'next-tag' obtained from the previous call. |

Output:

| Name | Range | Type | Description |
|---|---|---|---|
| attributes-list | | unix-group-info[], optional | The list of attributes of UNIX group information objects. |
| next-tag | | string, optional | Tag for the next call. Not present when there are no more UNIX group information objects to return. |
| num-records | [0..100] | integer | The number of records returned in this call. |

Errno: EINTERNALERROR, EINVALIDINPUTERROR, EVSERVERNTFOUND

name-mapping-unix-user-get-iter

Iterate over a list of UNIX users.

Input:

| Name | Range | Type | Description |
|---|---|---|---|
| desired-attributes | | unix-user-info, optional | Specify the attributes that should be returned. If not present, all attributes for which information is available will be returned. If present, only the desired attributes for which information is available will be returned. |
| max-records | [1..100] | integer, optional | The maximum number of records to return in this call. Default: 20 |
| query | | unix-user-info, optional | A query that specifies which objects to return. A query could be specified on any number of attributes in the UNIX user information object. All UNIX user information objects matching this query up to 'max-records' will be returned. |
| tag | | string, optional | Specify the tag from the last call. It is usually not specified for the first call. For subsequent calls, copy values from the 'next-tag' obtained from the previous call. |

Output:

| Name | Range | Type | Description |
|---|---|---|---|
| attributes-list | | unix-user-info[], optional | The list of attributes of UNIX user information objects. |
| next-tag | | string, optional | Tag for the next call. Not present when there are no more UNIX user information objects to return. |
| num-records | [0..100] | integer | The number of records returned in this call. |

Errno: EINTERNALERROR, EINVALIDINPUTERROR, EVSERVERNTFOUND

Element definition: name-mapping-info

Name mapping configuration for Vservers. The possible sources of name mapping information and the order in which they are searched are determined by the Vserver's 'name-mapping-switch' option. If the 'name-mapping-switch' is set to 'file', the rules in this table are used to determine the mapping.

Windows user names, UNIX user names and Kerberos principal names can be three disjoint sets of names. A mechanism is needed to map users from one set to another when performing authorization checks. Each name mapping entry represents one such map in a given direction.

Name mappings are done using standard UNIX-style regular expressions for pattern replacement. For example, if a configuration is required to convert any Windows user in the Windows domain name 'EXAMPLE' into a UNIX user with the same name in NIS, the direction entry should be set to 'win-unix', the pattern string should be set to 'EXAMPLE\\(.+)' and the replacement string should be set to '\1'. The double backslash (\\) in the pattern matches a single backslash in the source name. The parentheses denote a subexpression but do not match any characters themselves. The 'period' matches any single character. The 'plus' matches one or more characters of the previous expression. The pattern 'EXAMPLE\\(.+)' matches 'EXAMPLE\' followed by one or more of any character. In the replacement, '\1' refers to the string that the first subexpression matched. Assuming the Windows user 'EXAMPLE\user1', the replacement evaluates to 'user1'.

If a mapping is required from Windows to UNIX and none of the name mapping entries match, the domain name is stripped from the username and it is directly mapped to the UNIX user of the same name. Similarly, if a mapping is required from a UNIX user to a Windows user and none of the name mapping entries match, the domain name is prefixed to the username and it is directly mapped to a Windows user of the same name.

When returned as part of the output, all elements of this typedef are reported, unless limited by a set of desired attributes specified by the caller. When used as input to specify desired attributes to return, omitting a given element indicates that it shall not be returned in the output. In contrast, by providing an element (even with no value) the caller ensures that a value for that element will be returned, given that the value can be retrieved.
When used as input to specify queries, any element can be omitted in which case the resulting set of objects is not constrained by any specific value of that attribute.

| Name | Range | Type | Description |
|---|---|---|---|
| direction | | name-mapping-direction, optional | Direction in which the name mapping is applied. Attributes: key, required-for-create, non-modifiable. Possible values: "krb_unix" (Kerberos principal name to UNIX user name mapping), "win_unix" (Windows user name to UNIX user name mapping), "unix_win" (UNIX user name to Windows user name mapping) |
| pattern | | string, optional | Pattern to use to match the name while searching for a name that can be used as a replacement. The pattern is a UNIX-style regular expression. Regular expressions are case-insensitive when mapping from Windows to UNIX, and they are case-sensitive for mappings from Kerberos to UNIX and UNIX to Windows. Attributes: required-for-create, modifiable |
| position | [1..1024] | integer, optional | Position of an existing name mapping in the list of name mappings for this Vserver. Attributes: key, required-for-create, non-modifiable |
| replacement | | string, optional | The name that is to be used as a replacement if the pattern associated with this entry matches. The replacement is a string containing escape sequences representing subexpressions from the pattern, as in the UNIX 'sed' program. Attributes: required-for-create, modifiable |
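
The rule evaluation described in this element definition, as an added example that is not part of the original reference or the vendor's code. It is useful for checking offline which identity a given name resolves to under a rule set. Assumptions: rules are tried in ascending position and the first match wins, matching is unanchored with sed-style substitution of the matched text, and the `domain` parameter and the sample rules are constructed for illustration.

```python
import re

# Constructed sample rules (not from a real Vserver), deliberately out of order.
RULES = [
    {"direction": "win_unix", "position": 2,
     "pattern": r"EXAMPLE\\(.+)", "replacement": r"\1"},
    {"direction": "win_unix", "position": 1,
     "pattern": r"EXAMPLE\\svc_backup", "replacement": "backup"},
    {"direction": "krb_unix", "position": 1,
     "pattern": r"(.+)@EXAMPLE\.COM", "replacement": r"\1"},
]


def map_name(rules, direction, name, domain="EXAMPLE"):
    """Return (mapped_name, position_of_matching_rule); position is None on fallback.

    `domain` is a hypothetical parameter standing in for the domain used by the
    no-match fallback; the page does not say where that value comes from.
    """
    # Windows-to-UNIX patterns are case-insensitive; the other directions are not.
    flags = re.IGNORECASE if direction == "win_unix" else 0
    ordered = sorted((r for r in rules if r["direction"] == direction),
                     key=lambda r: r["position"])
    for rule in ordered:  # assumption: lowest position first, first match wins
        rx = re.compile(rule["pattern"], flags)
        if rx.search(name):  # assumption: unanchored, sed-style substitution
            return rx.sub(rule["replacement"], name, count=1), rule["position"]
    if direction == "win_unix":  # no entry matched: strip the domain name
        return name.rsplit("\\", 1)[-1], None
    if direction == "unix_win":  # no entry matched: prefix the domain name
        return f"{domain}\\{name}", None
    return None, None  # the page describes no fallback for krb_unix


if __name__ == "__main__":
    samples = [("win_unix", r"EXAMPLE\user1"), ("win_unix", r"example\SVC_Backup"),
               ("win_unix", r"OTHER\alice"), ("krb_unix", "user1@EXAMPLE.COM"),
               ("krb_unix", "user1@example.com"), ("unix_win", "bob")]
    for direction, name in samples:
        print(direction, name, "->", map_name(RULES, direction, name))
```

The second sample shows both effects at once: the Windows name matches the position 1 rule despite differing case, so the broader rule at position 2 is never consulted.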

Element definition: unix-group-info

UNIX group information.

When returned as part of the output, all elements of this typedef are reported, unless limited by a set of desired attributes specified by the caller. When used as input to specify desired attributes to return, omitting a given element indicates that it shall not be returned in the output. In contrast, by providing an element (even with no value) the caller ensures that a value for that element will be returned, given that the value can be retrieved.
When used as input to specify queries, any element can be omitted in which case the resulting set of objects is not constrained by any specific value of that attribute.

| Name | Range | Type | Description |
|---|---|---|---|
| group-id | [0..2^32-1] | integer, optional | Specifies an identification number for the UNIX group. Attributes: required-for-create, modifiable |
| group-name | | string, optional | Specifies UNIX group name. Attributes: key, required-for-create, non-modifiable |
| users | | unix-user-name[], optional | Specifies the list of UNIX users that belong to the UNIX group. |
| vserver | | string, optional | Specifies the Vserver for the group. Attributes: key, non-creatable, non-modifiable |

Element definition: unix-user-info

UNIX user information.

When returned as part of the output, all elements of this typedef are reported, unless limited by a set of desired attributes specified by the caller. When used as input to specify desired attributes to return, omitting a given element indicates that it shall not be returned in the output. In contrast, by providing an element (even with no value) the caller ensures that a value for that element will be returned, given that the value can be retrieved.
When used as input to specify queries, any element can be omitted in which case the resulting set of objects is not constrained by any specific value of that attribute.

| Name | Range | Type | Description |
|---|---|---|---|
| full-name | | string, optional | Specifies the full name of the UNIX user. Attributes: optional-for-create, modifiable |
| group-id | [0..2^32-1] | integer, optional | Specifies the primary group identification number for the UNIX user. Attributes: required-for-create, modifiable |
| user-id | [0..2^32-1] | integer, optional | Specifies an identification number for the UNIX user. Attributes: required-for-create, modifiable |
| user-name | | string, optional | Specifies user's UNIX account name. Attributes: key, required-for-create, non-modifiable |
| vserver | | string, optional | Specifies the Vserver for the UNIX user. Attributes: key, non-creatable, non-modifiable |

Element definition: name-mapping-direction

Direction of the name mapping. Possible values:
- "krb_unix" - Kerberos principal name to UNIX user name mapping,
- "win_unix" - Windows user name to UNIX user name mapping,
- "unix_win" - UNIX user name to Windows user name mapping
[none]

Element definition: unix-user-name

Specifies user name information.

| Name | Range | Type | Description |
|---|---|---|---|
| user-name | | string, optional | Specifies user's UNIX account name. Attributes: non-creatable, non-modifiable |