AD Lookup with ADAM/ADLDS
With the removal of UNM in Vista/W2K8, it became really problematic to map users in non-AD environments for use with Vista/LH NFS Servers and Clients. For the client, a workaround was discovered, which was essentially a registry tweak and did allow more than one user to access the resources. Now a guide exists that details the steps to install and configure ADLDS (Active Directory Lightweight Directory Services) and to use it with NFS as the source of UNIX identity information. I have not worked on ADAM, but I suppose the steps would apply to ADAM. Although ADAM is not supported on Vista, the word is that it works, so if it is absolutely necessary to use ADAM on Vista, it shouldn't be difficult to get it to work.
While one of my colleagues got it to work, one point seems to be easily missed: the NFS Server or Client system must have all the user accounts created locally as well as in ADLDS for this solution to work. That's some extra work.
Using ADLDS also makes it easy to replicate one ADLDS instance to another instance running on another computer with little effort. This can help avoid a single point of failure and provide a mechanism by which ADLDS administration can be centralized. ADLDS also makes a good case when NFS/ADLDS has to be used in isolated environments. Isolation can also be achieved using a proxy object in ADLDS.
I haven't worked on ADLDS extensively, but I am planning to now. If you have something to add to this post, please do so by way of comments for the benefit of others.
BTW, the guide is accessible here.