The Novell Identity Translator (NIT) is a new service in OES 2015 as briefly explained in the following sections:
For more information, see NIT (Novell Identity Translator) in the OES 2018 SP2: NSS AD Administration Guide.
OES includes a new authorization model for CIFS-user access to NSS volumes.
The new model requires that eDirectory and Active Directory (AD) users all have unique User IDs (UIDs).
eDirectory: LUM-enabled eDirectory users have UIDs; non-LUM-enabled eDirectory users do not.
Active Directory: Generally speaking, AD users don’t have UIDs, but AD can be configured to assign the uidNumber attribute to users when required.
The Novell Identity Translator (NIT) lets you ensure that all users requiring NSS authorization have the required UIDs.
eDirectory: When NIT is properly configured, all eDirectory users can access NSS using Novell CIFS, as summarized in Table 7-1.
Table 7-1 NIT Guarantees UIDs for All eDirectory Users
User UID Status in eDirectory |
What NIT Does |
---|---|
LUM-enabled user |
Retrieves the UID from eDirectory |
Non-LUM-enabled user |
Generates a UID within the specified UID range |
Active Directory: If needed, you can configure NIT to simply retrieve and pass along UIDs that are set in Active Directory by deselecting the Generate UIDs for AD Users option when you Configure the NSS for Active Directory service. However, you must then ensure that all AD users who need access to NSS through CIFS have the uidNumber attribute set on their AD account. This caveat is summarized in Table 7-2.
Table 7-2 NIT Must Be Properly Configured to Guarantee UIDs for Active Directory Users Who Need Them
UIDs in Active Directory |
UID Generation |
What NIT Does |
---|---|---|
The uidNumber attribute is set for some or all AD users. Those users have a UID number in Active Directory. |
Enabled |
Generates UIDs within the specified UID range for all AD users needing NSS access. The uidNumber attribute in Active Directory is ignored. |
Disabled |
Retrieves the uidNUmber from Active Directory when available. Users without a uidNumber cannot access NSS. |
|
The uidNumber attribute is not set for any AD users. No AD users have a UID number in Active Directory |
Enabled |
Generates UIDs within the specified UID range for all AD users needing NSS access. |
Disabled |
No users can access NSS because none of them has a UID. |
NIT is used as an infrastructure component by various OES components, including Novell CIFS, NSS, and SMS.