6.14 Novell Identity Translator (NIT)

Novell Identity Translator is a new service in OES 2015.

6.14.1 NIT and LUM UID Ranges Must Not Overlap

Ensure that Your LUM and NIT UID Ranges Don’t Overlap.

For more information, see Not All Users Have UIDs by Default and Ensuring that Your CIFS-NSS Users Have UIDs in the OES 2015 SP1: NSS AD Administration Guide.

6.14.2 Choosing the Best NIT Generate-Mode Settings for Your AD Users

For AD users, NIT runs in one of two modes, as outlined in Table 6-1.

Table 6-1 NIT AD-UID Mode Summary

AD-UID Mode

Details

Generate

  • Default mode

  • /etc/opt/novell/nit/nitd.conf > ad-uid-generate-mode=1

    (The option is enabled.)

  • NIT generates UIDs for all users and groups that need them, ignoring the uidNumber attribute in Active Directory.

  • NSS is accessible to all otherwise-qualified AD users and groups.

Fetch

  • /etc/opt/novell/nit/nitd.conf > ad-uid-generate-mode=0

    (The option is disabled.)

  • NIT retrieves UIDs for AD users and groups that have the uidNumber attribute in Active Directory

  • NSS is accessible only to AD users and groups that have the uidNumber attribute in Active Directory.

6.14.3 Actions that Require a Server Restart

The following changes to a server’s NIT configuration require a server restart:

  • Changing the AD-UID Generate mode (ad-uid-generate-mode in the nitd.conf file).

    The two mutually exclusive options are Generate and Fetch.

  • Changing the UID range that NIT uses (uid-start-range or uid-end-range in the nitd.conf file).

For more information, see NIT (Novell Identity Translator) in the OES 2015 SP1: NSS AD Administration Guide.