A user map is made up of a set of entries that define users in different domains that are to be considered equivalent. Each entry is defined as a tuple (duid, sid), where duid is the domain-qualified UNIX® user ID, and sid is the domain-qualified Windows® user ID. The tuple implies that the first identity is equivalent to the second identity. This relationship is symmetric, but not transitive. For example, if user1 in domain1 is equivalent to user2 in domain2 and user3 in domain3, you must specify three user map entries.
You can specify mapped users in terms of user name or ID. IDs might simplify custom scripts that you have created to download mappings exported from third-party mapping facilities.
The UNIX user name or ID must be qualified by the domain name of the UNIX directory service. Currently, you can configure SAN File System to access only a single UNIX directory service; therefore, the map entries are constrained to reference one common UNIX domain.
The Windows user name or ID must be qualified by a Windows domain. SAN File System permits any number of Windows domains provided that all of them are served by a single Active Directory instance. You can use trust relationships among Active Directory servers to allow a single Active Directory instance to serve information on multiple domains. The Windows domain and users are implicitly qualified by the single Active Directory instance that SAN File System is configured to access. SAN File System rejects Windows user names or IDs that are not known to the Active Directory instance.
The entries are constrained to a 1:1 relationship. In other words, a domain-qualified UNIX user name or ID cannot appear more than once on the UNIX side of the map, and a domain-qualified Windows user name or ID cannot appear more than once on the Windows side of the map.
When you add a new entry to the user map or refresh the user map, the master metadata server verifies that the user name or ID exists in the predefined UNIX and Windows directory services, translates the domain-qualified user names into IDs (if necessary), and stores the user IDs in the system pool.
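The following is an added example, not SAN File System code: a pre-check that a script could run over an exported mapping before loading it, applying the rules described above (known users, one UNIX domain, 1:1 after names are translated to IDs). The `(domain, name-or-ID)` pair representation, the two directory dictionaries, and all domains, names and IDs are assumptions constructed for illustration.

```python
from collections import Counter

# Constructed stand-ins for the UNIX directory service and Active Directory:
# (domain, user name) -> ID. Domains, names and IDs are sample values.
UNIX_DIR = {("nis1", "alice"): 1001, ("nis1", "bob"): 1002}
WINDOWS_DIR = {
    ("CORP", "alice.w"): "S-1-5-21-1-2-3-1104",
    ("CORP", "bob.w"): "S-1-5-21-1-2-3-1105",
    ("ENG", "alice.e"): "S-1-5-21-4-5-6-2001",
}

def resolve(identity, directory):
    """Translate a (domain, name-or-ID) pair to (domain, ID); None if unknown."""
    domain, user = identity
    if identity in directory:                 # supplied as a user name
        return (domain, directory[identity])
    known_ids = {(d, i) for (d, _), i in directory.items()}
    return identity if identity in known_ids else None   # supplied as an ID

def check_user_map(entries, unix_dir=UNIX_DIR, windows_dir=WINDOWS_DIR):
    """Return a list of problems in a proposed list of (duid, sid) entries."""
    problems, resolved = [], []
    for duid, sid in entries:
        u, w = resolve(duid, unix_dir), resolve(sid, windows_dir)
        if u is None:
            problems.append(f"unknown UNIX user {duid}")
        if w is None:
            problems.append(f"unknown Windows user {sid}")
        if u is not None and w is not None:
            resolved.append((u, w))
    # Only one UNIX directory service is configured, so one UNIX domain.
    unix_domains = sorted({duid[0] for duid, _ in entries})
    if len(unix_domains) > 1:
        problems.append(f"more than one UNIX domain: {unix_domains}")
    # 1:1 rule, checked on IDs so a name and its ID count as the same user.
    for side, idx in (("UNIX", 0), ("Windows", 1)):
        counts = Counter(pair[idx] for pair in resolved)
        problems += [f"{side} user {ident} mapped more than once"
                     for ident, n in counts.items() if n > 1]
    return problems

if __name__ == "__main__":
    proposed = [  # constructed sample map
        (("nis1", "alice"), ("CORP", "alice.w")),
        (("nis1", 1001), ("ENG", "alice.e")),      # alice again, by ID
        (("nis1", "bob"), ("CORP", "carol.w")),    # not in Active Directory
    ]
    for problem in check_user_map(proposed):
        print(problem)
```

Comparing raw strings alone would miss the second entry, because the same UNIX user appears once by name and once by ID; the duplicate only shows up after translation.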