I'm curious about this statement:
The reason I ask is because I use a bunch of storage appliances that offer Secure-NFS (NETAPP, EMC UNITY, etc.), but they only support NIS, IDMU, RFC2307, and RFC2307bis style Identity Mapping, all of which require manual assignment of UID/GID numbers to objects in LDAP, which is untenable for large environments.
What is the alternative?
We have beaucoup (older) storage appliances that (lamentably) each have to run their own usermapper to map between Windows SIDs and UNIX UIDs. It's a pain to maintain all those usermappers on all those NAS heads. We're wanting to migrate them to use the POSIX attributes stored in AD (aka RFC 2307bis), the MS-provided schema extension. Same as what sssd on the Linux servers uses.
Per-NAS head usermappers seem ideal for a small env, where the AD admin doesn't want to extend the AD schema; not so much for a large env with beaucoup NAS heads.
Spike