7.5 About Novell Identity Translator (NIT)

The Novell Identity Translator (NIT) is a new service in OES 2015. It is briefly explained in the following sections.

For more information, see NIT (Novell Identity Translator) in the OES 23.4: NSS AD Administration Guide.

A New NSS Authorization Model

OES includes a new authorization model for CIFS-user access to NSS volumes.

The new model requires that eDirectory and Active Directory (AD) users all have unique User IDs (UIDs).

Not All Users Have UIDs

  • eDirectory: LUM-enabled eDirectory users have UIDs; non-LUM-enabled eDirectory users do not.

  • Active Directory: Generally speaking, AD users don’t have UIDs, but AD can be configured to assign the uidNumber attribute to users when required.

Ensuring that Your CIFS-NSS Users Have UIDs

The Novell Identity Translator (NIT) lets you ensure that all users requiring NSS authorization have the required UIDs.

  • eDirectory: When NIT is properly configured, all eDirectory users can access NSS using Novell CIFS, as summarized in Table 7-1.

    Table 7-1 NIT Guarantees UIDs for All eDirectory Users

    | User UID Status in eDirectory | What NIT Does |
    |---|---|
    | LUM-enabled user | Retrieves the UID from eDirectory |
    | Non-LUM-enabled user | Generates a UID within the specified UID range |

  • Active Directory: If needed, you can configure NIT to simply retrieve and pass along UIDs that are set in Active Directory by deselecting the Generate UIDs for AD Users option when you Configure the NSS for Active Directory service. However, you must then ensure that all AD users who need access to NSS through CIFS have the uidNumber attribute set on their AD account. This caveat is summarized in Table 7-2.

    Table 7-2 NIT Must Be Properly Configured to Guarantee UIDs for Active Directory Users Who Need Them

    | UIDs in Active Directory | UID Generation | What NIT Does |
    |---|---|---|
    | The uidNumber attribute is set for some or all AD users. Those users have a UID number in Active Directory. | Enabled | Generates UIDs within the specified UID range for all AD users needing NSS access. The uidNumber attribute in Active Directory is ignored. |
    | The uidNumber attribute is set for some or all AD users. Those users have a UID number in Active Directory. | Disabled | Retrieves the uidNumber from Active Directory when available. Users without a uidNumber cannot access NSS. |
    | The uidNumber attribute is not set for any AD users. No AD users have a UID number in Active Directory. | Enabled | Generates UIDs within the specified UID range for all AD users needing NSS access. |
    | The uidNumber attribute is not set for any AD users. No AD users have a UID number in Active Directory. | Disabled | No users can access NSS because none of them has a UID. |
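The following audit is an added example, not part of the OES documentation or of NIT itself. It applies the rules of Table 7-2 to an LDIF export of AD users and reports who would lose NSS access with UID generation disabled, and which uidNumber values break the unique-UID requirement. The sample LDIF, the function names, and the simple one-line-per-attribute LDIF form (no folded or base64 values) are assumptions.

```python
from collections import defaultdict

# Constructed sample: LDIF such as an LDAP search against AD would return when
# asked for sAMAccountName and uidNumber. All names and values are invented.
SAMPLE_LDIF = """\
dn: CN=Alice Example,OU=Staff,DC=example,DC=com
sAMAccountName: alice
uidNumber: 10001

dn: CN=Bob Example,OU=Staff,DC=example,DC=com
sAMAccountName: bob

dn: CN=Carol Example,OU=Staff,DC=example,DC=com
sAMAccountName: carol
uidNumber: 10001

dn: CN=Dave Example,OU=Staff,DC=example,DC=com
sAMAccountName: dave
uidNumber: 10004
"""

def parse_ldif(text):
    """Return one {attribute: value} dict per blank-line-separated entry."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue  # skip comments and anything that is not "attr: value"
            attr, value = line.split(": ", 1)
            entry[attr.lower()] = value.strip()
        if entry:
            entries.append(entry)
    return entries

def audit_ad_uids(entries, generate_uids):
    """Apply Table 7-2: users NIT cannot map, and uidNumbers that are not unique."""
    if generate_uids:  # Enabled: uidNumber in AD is ignored, NIT generates UIDs
        return {"no_access": [], "duplicates": {}}
    by_uid, no_access = defaultdict(list), []
    for e in entries:
        name = e.get("samaccountname", e.get("dn", "?"))
        if "uidnumber" in e:
            by_uid[int(e["uidnumber"])].append(name)
        else:
            no_access.append(name)  # Disabled and no uidNumber: no NSS access
    dupes = {uid: names for uid, names in by_uid.items() if len(names) > 1}
    return {"no_access": no_access, "duplicates": dupes}
```

Calling `audit_ad_uids(parse_ldif(SAMPLE_LDIF), generate_uids=False)` on the constructed sample flags `bob` as unable to access NSS and UID 10001 as shared by `alice` and `carol`.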

Which OES Components Rely on NIT

NIT is used as an infrastructure component by various OES components, including Novell CIFS, NSS, and SMS.