View user identity

You can view the identities and group membership that a specified user has within the Active Directory and LDAP directory services, including the user's security identifier (SID) history.

About this task

This procedure must be performed through the command-line interface (CLI).

Note: The OneFS user access token contains a combination of identities from Active Directory and LDAP if both directory services are configured. You can run the following commands to discover the identities that are within each specific directory service.

Procedure

  1. Establish an SSH connection to any node in the cluster.
  2. View a user identity from Active Directory only by running the isi auth users view command.
    The following command displays the identity of a user named stand in the Active Directory domain named YORK:
    isi auth users view --user=YORK\\stand --show-groups
    The system displays output similar to the following example:
                      Name: YORK\stand
                        DN: CN=stand,CN=Users,DC=york,DC=hull,DC=example,DC=com
                DNS Domain: york.hull.example.com
                    Domain: YORK
                  Provider: lsa-activedirectory-provider:YORK.HULL.EXAMPLE.COM
          Sam Account Name: stand
                       UID: 4326
                       SID: S-1-5-21-1195855716-1269722693-1240286574-591111
             Primary Group
                        ID : GID:1000000
                      Name : YORK\york_sh_udg
         Additional Groups: YORK\sd-york space group
                            YORK\york_sh_udg
                            YORK\sd-york-group
                            YORK\sd-group
                            YORK\domain users
  3. View a user identity from LDAP only by running the isi auth users view command.
    The following command displays the identity of an LDAP user named stand:
    isi auth users view --user=stand --show-groups
    The system displays output similar to the following example:
                      Name: stand
                        DN: uid=stand,ou=People,dc=colorado4,dc=hull,dc=example,dc=com
                DNS Domain: -
                    Domain: LDAP_USERS
                  Provider: lsa-ldap-provider:Unix LDAP
          Sam Account Name: stand
                       UID: 4326
                       SID: S-1-22-1-4326
             Primary Group
                        ID : GID:7222
                      Name : stand
         Additional Groups: stand
                            sd-group
                            sd-group2
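
Added example (not part of the original page or of OneFS): a Python script that parses the output of both commands and reports how the two provider records for one user relate. The names parse_user_view and compare_identities are hypothetical, the sample inputs are constructed by abbreviating the outputs above, and the S-1-22-1-<UID> check is an assumption inferred from the LDAP sample.

```python
# Added example. Constructed samples, abbreviated from the two outputs above.
AD_SAMPLE = r"""
             Name: YORK\stand
              UID: 4326
              SID: S-1-5-21-1195855716-1269722693-1240286574-591111
    Primary Group
               ID : GID:1000000
             Name : YORK\york_sh_udg
Additional Groups: YORK\york_sh_udg
                   YORK\sd-group
"""
LDAP_SAMPLE = """
             Name: stand
              UID: 4326
              SID: S-1-22-1-4326
    Primary Group
               ID : GID:7222
             Name : stand
Additional Groups: stand
                   sd-group
"""

def parse_user_view(text):
    """Turn `isi auth users view --show-groups` output into a dict."""
    rec, prefix, in_groups = {"Additional Groups": []}, "", False
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        key, sep, value = (p.strip() for p in line.partition(":"))
        if not sep and in_groups:        # continuation line of the group list
            rec["Additional Groups"].append(line)
        elif not sep:                    # section header such as "Primary Group"
            prefix = line + " "
        elif key == "Additional Groups":
            in_groups, prefix = True, ""
            rec[key].append(value)
        else:                            # "Key: value", split on the first colon only
            rec[prefix + key] = value
    return rec

def compare_identities(ad, ldap):
    """Hypothetical helper: relate the AD and LDAP records of one user."""
    short = lambda r: {g.split("\\")[-1] for g in r["Additional Groups"]}
    return {
        "same_uid": ad["UID"] == ldap["UID"],
        "ad_sid_is_domain_sid": ad["SID"].startswith("S-1-5-21-"),
        "ldap_sid_is_uid_derived": ldap["SID"] == "S-1-22-1-" + ldap["UID"],
        "shared_group_names": sorted(short(ad) & short(ldap)),
    }

if __name__ == "__main__":
    print(compare_identities(parse_user_view(AD_SAMPLE), parse_user_view(LDAP_SAMPLE)))
```

A group name listed under shared_group_names exists in both directories under the same short name; the two entries are separate principals and their memberships should be reviewed separately.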