One trick we have found so far is applicable when renumbering the UID or GID of a Unix user:
- First assign to the Unix user a new UID/GID in the LDAP server
- Then run nfs nsdb flush on the filer to flush its naming cache
- Wait another 60 seconds on your NFSv3 client until its attribute cache has timed out
Now all files in NTFS mode in the mixed qtree owned by that user will already show the new UID/GID.
Therefore, you can now safely chown -R from an NFSv3 client all the other files that still show
the old UID/GID, as all these will be Unix-mode files.
(NFSv4 is slightly more complicated, as the client doesn't see the actual UID/GID numbers.
For NFSv4 you have to keep in LDAP names for both the old and the new UID/GID numbers,
otherwise they will be mangled into nobody:nogroup. It is probably safer to do this via NFSv3.
We haven't been using NFSv4 ACLs yet, so no idea what to do about these.)
