If a tenant is connected to two external authorization providers, one of the providers is always set to be the POSIX primary provider. If both providers have POSIX user attributes, then in case of any conflict between POSIX attributes that are retrieved from the providers, the POSIX primary takes precedence over the other provider.
Setting the POSIX primary provider enables you to make sure that conflicting query results are resolved in favor of the provider that stores the correct POSIX attributes for users. For more detail about how providers are queried, see Understanding User Management and Authorization.
You can set the POSIX primary provider per tenant when you create or modify a tenant.
Every tenant has a setting called POSIX Primary Provider which can be set to any external provider connected to the tenant.
To check this setting per tenant from the VAST Web UI, go to the Tenants tab of the Element Store page, open the Actions menu for the tenant, select View and then select the Providers tab.
In the VAST CLI, the POSIX Primary setting is displayed in the output of the tenant show command.
In the Element Store page, go to the Tenants tab.
Click the Actions button () for the tenant and select Edit from the Actions menu.
Select the Providers tab and select the provider from the POSIX Primary Provider dropdown.
Click Update to save your change.
To change the POSIX provider from the VAST CLI, use the tenant modify command with the
--posix-primary-provider parameter. For example:
vcli: admin> tenant modify --id 2 --posix-primary-provider LDAP
Article is closed for comments.