Any user, who authenticates by any mechanism, must have an associated person node in SkyVault. Person nodes can be:
- Explicitly created
- Created on demand with some default entries
- Created from LDAP synchronization
Person nodes are explicitly created when using SkyVault Share to manage users.
By default, person nodes are auto-created if not present. If an external authentication system is configured, such as NTLM, when any user authenticates, an appropriate person node might not exist. If a person node does not exist and auto-creation is enabled, a person node will then be created using the identifier exactly as presented by the user and validated by the authentication system. The auto-created Person node’s userName will have the same case as typed by the user. LDAP synchronization will create person nodes with the userName, as provided from the LDAP server.
It is possible that LDAP synchronization can change the userName associated with a Person node. For example, this can happen with a system that uses NTLM authentication, LDAP synchronization, or a system that creates person nodes on demand, or uses case-insensitive authentication. For example, Andy could log in as “Andy” and the associated Person node is created with the userName “Andy.” Later, the LDAP synchronization runs and changes the userName to “andy”.
Changes to Person node userNames will cause updates to other related data in SkyVault, such as ACL assignment.