Verify the Configuration

Use Mount target NFS metrics and logs to verify the configuration of the mount target. You can query LDAP to verify if the RFC2307 attributes are properly configured on users and groups.

Verify the LDAP and Kerberos Configurations

Mount targets provide metrics to provide the status of Kerberos and LDAP. Mount target logs and metrics are available under the Resources section of the mount target detail page in the OCI Console.

Mount target metrics are available in the following metrics reports: KerberosErrors, LdapRequestThroughput, LdapRequestAverageLatency, LdapConnectionErrors, and LdapRequestErrors.
Kerberos and LDAP logs are available in mount target logs. You can access the logs under the Resources section of the mount target details page.

Verify the LDAP Configuration

You can use the following methods to verify the RFC2307 attributes of the user and groups.

Use the following sample search from a Linux instance to list Unix uid and gid of the user in Active Directory. You can use a similar search with any LDAP search tools.

$ LDAPTLS_REQCERT=never ldapsearch -D CN=ldap_user,CN=Users,DC=fss-ad,DC=com -b DC=fss-ad,DC=com -W -x -LLL -H ldaps://ad-server.fss-ad.com:636 -s sub '(&(objectClass=posixAccount)(uid=aboo))'  uidNumber gidNumber

dn: CN=Aboo Valappil,CN=Users,DC=fss-ad,DC=com
uidNumber: 3333
gidNumber: 4444

A sample search in Active Directory to show the Unix gid of all the group a user belongs to.

$ LDAPTLS_REQCERT=never ldapsearch -D CN=ldap_user,CN=Users,DC=fss-ad,DC=com -b DC=fss-ad,DC=com -w 'N@sadm1nbaba' -x -LLL -H ldaps://ad-server.fss-ad.com:636 -s sub '(&(objectClass=posixGroup)(memberUid=aboo))'  gidNumber

dn: CN=Domain Admins,CN=Users,DC=fss-ad,DC=com
gidNumber: 5555

dn: CN=Domain Users,CN=Users,DC=fss-ad,DC=com
gidNumber: 4444

In Windows, you can use ldp.exe to perform the above searches to verify the LDAP server and directory settings.
- Connect to LDAP server (localhost:636)
- Simple bind using the LDAP user bind DN and password
- Perform searches