Hi,

One of our use cases for CephFS is home directories for our LDAP users. The users' VMs use a kernel mount with an autofs user which has the CephFS auth caps. So we don't have each user as a client but one main CephFS client. Maybe that helps as a workaround?

Regards,
Eugen

Quoting Burkhard Linke <burkhard.li...@computational.bio.uni-giessen.de>:

Hi,

On 30.06.25 18:26, gagan tiwari wrote:
Hi Guys,
We have an LDAP server with all users' login details.

We have to mount data stored in Ceph to several client nodes via CephFS so
that users can access that data and start using that data in
their processes. But we need to grant permission / ownership to users to
enable them to access that data.

like chown user:group /dirs (on Linux)

How will CephFS recognize users and groups that are in LDAP?

Will I need to set up LDAP authentication on all nodes in the Ceph cluster for
this purpose (ceph mgr, ceph mons, ceph mds and all OSD nodes)?


CephFS does not care about Unix permissions and does not know users and groups (except UID and GID, which may be part of some requests). It does not know about Unix group memberships etc.

The _clients_ are managing authentication and authorization, and the clients also grant permissions to access files or directories. You do not (read: you _cannot_) configure LDAP on mons, mgr, mds or osds. They do not need it.

This is in sharp contrast to NFS. An NFS v4 server is able to ignore client-side authorization and perform user/group lookup by itself, e.g. via PAM or maybe even directly.


Best regards,

Burkhard Linke


Please advise.

Thanks,
Gagan
_______________________________________________
ceph-users mailing list -- ceph-users@ceph.io
To unsubscribe send an email to ceph-users-le...@ceph.io
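
Since, as the reply above explains, CephFS only sees numeric UIDs and GIDs and leaves name lookup to the clients, every client node has to resolve the LDAP users to the same numbers. The following is an added example, not part of the original thread, that compares `getent passwd` style dumps from two clients and reports disagreements; the host names, user names and IDs are constructed sample data.

```python
from collections import defaultdict

# Constructed sample data in passwd format (name:pw:uid:gid:gecos:home:shell).
# Host names, user names and IDs are made up for illustration.
SAMPLE_DUMPS = {
    "client-a": "alice:*:10001:20000:Alice:/home/alice:/bin/bash\n"
                "bob:*:10002:20000:Bob:/home/bob:/bin/bash\n"
                "carol:*:10003:20000:Carol:/home/carol:/bin/bash\n",
    "client-b": "alice:*:10001:20000:Alice:/home/alice:/bin/bash\n"
                "bob:*:10003:20000:Bob:/home/bob:/bin/bash\n"
                "# carol is not resolvable on this node\n",
}

def parse_passwd(text):
    """Return {name: (uid, gid)} from passwd-format text, skipping junk lines."""
    ids = {}
    for raw in text.splitlines():
        line = raw.strip()
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 4:
            continue
        try:
            ids[fields[0]] = (int(fields[2]), int(fields[3]))
        except ValueError:
            continue  # non-numeric uid/gid: malformed entry
    return ids

def find_mismatches(dumps):
    """Users whose (uid, gid) differs between hosts or who are missing on a host."""
    per_host = {host: parse_passwd(text) for host, text in dumps.items()}
    all_users = set().union(*per_host.values())
    problems = {}
    for user in sorted(all_users):
        seen = {host: ids.get(user) for host, ids in per_host.items()}
        if len(set(seen.values())) > 1:  # None (missing) counts as a difference
            problems[user] = seen
    return problems

def uid_collisions(dumps):
    """UIDs that map to different names on different hosts (files change owner)."""
    names = defaultdict(set)
    for text in dumps.values():
        for user, (uid, _gid) in parse_passwd(text).items():
            names[uid].add(user)
    return {uid: sorted(n) for uid, n in names.items() if len(n) > 1}

if __name__ == "__main__":
    print(find_mismatches(SAMPLE_DUMPS))
    print(uid_collisions(SAMPLE_DUMPS))
```

On real nodes the input would be the output of `getent passwd` collected from each client that mounts the file system.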